House Passes Controversial Cybersecurity Bill

As expected, the U.S. House of Representatives on Thursday passed a controversial bill that aims to bolster the nation's defenses against cyber threats.

The measure, the Cyber Intelligence Sharing and Protection Act, or CISPA, would authorize the National Security Agency and other intelligence agencies to share information about digital threats with owners of financial networks, energy grids and other critical infrastructure.

The legislation, which cleared the House by a vote of 288 to 127, also would immunize companies that exchange information with the government and one another from legal liability that many firms say currently deters such sharing.

Ninety-two Democrats voted with Republicans in favor of CISPA, which garnered more Democratic support than a similar measure that passed the House last year with the backing of 42 Democrats.

The push for cybersecurity legislation now moves to the Senate, where efforts to advance a bill to address digital threats failed twice last year. However, the current push comes a amid a wave of cyberattacks on the nation's biggest banks and a report in February that hackers tied to China's military have stolen business secrets from U.S. companies for years.

"This is a good day for Americans," Rep. Dutch Ruppersberger, D-Md., the top Democrat on the House Intelligence Committee who joined with the panel's chairman, Rep. Mike Rogers, R-Mich., to sponsor CISPA, tweeted after the House vote.

The American Bankers Association and other business groups back CISPA, which supporters say would allow private-sector firms to swap information about digital threats with the government and one another in real time.

Critics charge that CISPA lacks safeguards that would require companies to strip people's personal data from information before sharing it with spy agencies. "This bill undermines the privacy of millions of Internet users," Rainey Reitman, activism director at the Electronic Frontier Foundation, a civil liberties group, said in a statement posted on the group's website after Thursday's vote.

Prospects for the legislation in its current form remain uncertain.

The White House has threatened to veto the measure because of privacy concerns, but said it stands ready to work with Congress to strengthen the nation's cyber defenses.

In January, Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va., introduced a bill that calls for information sharing about cyber threats between the government and private-sector firms but stops short of specifying a mechanism for achieving the goal. Rockefeller, who is joined in the effort by Intelligence Committee Chairman Dianne Feinstein, D-Calif., and Homeland Security Committee Chairman Tom Carper, D-Del., has called advancing the legislation a priority.

During debate on the measure Thursday, CISPA's backers took steps they hoped would win over legislators who shared concerns about the bill's effect on privacy.

The House adopted an amendment by Homeland Security Committee Chairman Michael McCaul, R-Tex., that would have run information about cyber threats through the Department of Homeland Security, a civilian agency, before the information went to the intelligence services.

Though the amendment passed overwhelmingly, it proved to be insufficient to win over many legislators. "Our response to cyber threats must balance our security with our liberty," Nancy Pelosi, D-Calif., the Democratic minority leader, tweeted on Thursday afternoon. "I cannot support #CISPA in its current form."

For reprint and licensing requests for this article, click here.
Bank technology Law and regulation Community banking
MORE FROM AMERICAN BANKER