CISPA reloaded, quis custodiet ipsos custodes

By Pierluigi Paganini, Editor-in-Chief

The news is once again alarming the worldwide internet community: the Cyber Intelligence Sharing and Protection Act (CISPA) will be reintroduced by House Intelligence Committee Chairman Mike Rogers (R-Mich.) and ranking member Rep. Dutch Ruppersberger (D-Md.) before the US House next week.

The controversial cyber bill raised a heated debate: the act will force any company to give away all the user data it collects if asked by the government, and the bill they plan to introduce next week will be identical to the version of CISPA that passed the House last spring.

The decision to reintroduce the bill has been conditioned by recent events such as the cyber espionage campaigns against media agencies such as The New York Times and The Wall Street Journal, and by the cyber attacks against the Federal Reserve systems, U.S. banking and some government departments such as the US Department of Energy.

Rogers highlighted the necessity of taking action against real and dangerous cyber threats, excluding any violation of users’ privacy:

 “This is clearly not a theoretical threat – the recent spike in advanced cyber attacks against the banks and newspapers makes that crystal clear,”

“American businesses are under siege,”  “We need to provide American companies the information they need to better protect their networks from these dangerous cyber threats.  It is time to stop admiring this problem and deal with it immediately,” 

“We’re talking about exchanging packets of information, zeroes and ones, if you will, one hundred million times a second. So some notion that this is a horrible invasion of content reading is wrong. It is not even close to that.”

The bill has been prepared with the primary intent of supporting intelligence agencies and law enforcement in investigating cyber threats and ensuring the security of networks against cyber attacks, in particular state-sponsored attacks coming from hostile countries such as Iran and competitors such as Russia and China.

The bill would also allow the government to provide classified information on cyber threats to private firms and protect them from legal action in the course of sharing private information; this is possible through voluntary sharing of Internet traffic between private companies and the authorities. The bill was supported by corporations such as Intel, Oracle, Symantec, AT&T, Facebook, IBM, Verizon, and many others. CISPA would expire after five years and require congressional action to be renewed.

But what happened last year, and why did the US Government veto the bill?

The bill was judged not suitable to protect the nation’s critical infrastructure and at the same time guarantee the privacy of consumer information that could be shared by companies.

Many organizations of private citizens are on the warpath; Fight for the Future, a non-profit group “working to extend the Internet’s power for good,” has published an online petition to express opposition to the bill.

But the fear of imminent cyber attacks against critical infrastructures is high; government security experts know that the risk is concrete and that foreign governments are continuing to probe national networks. Janet Napolitano, head of Homeland Security, warned in January that a “cyber 9/11”, which could cripple critical infrastructures such as telecommunication, water, electricity and gas, may be “imminent”. She argued before Congress for passing the cyber bill:

“We shouldn’t wait until there is a 9/11 in the cyber world. There are things we can and should be doing right now that, if not prevent, would mitigate the extent of damage,” 

Janet Napolitano is not the only one to alert the US government to possible high-profile cyber attacks; United States Secretary of Defense Leon Panetta has contemplated the hypothesis on more than one occasion.

“An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals,”  “They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.” Panetta declared.

Of course Panetta is in favor of CISPA; he urged that the bill be passed “to safeguard our national security.”

And what about Obama’s position on CISPA?

Obama could issue an executive order on the matter as soon as next week, according to Bloomberg’s revelations, probably immediately after the State of the Union address this coming Tuesday.

“President Barack Obama will issue an executive order aimed at bolstering U.S. cybersecurity as soon as next week, according to two former White House officials briefed on the administration’s plans. The executive order, expected to be released after Obama’s Feb. 12 State of the Union address, sets up a voluntary program of cybersecurity standards for companies operating vital U.S. infrastructure, according to the former officials, who asked to not be named because the order hasn’t been issued yet.”

Experts believe that the order will set up a voluntary program of cyber security standards for companies that operate critical US infrastructures.

It’s normal to expect that similar bills will be approved almost everywhere in the world; governments are aware of the dangers and try to do all in their power to ensure the security of citizens … the real problem is who controls the controller. CISPA reloaded … quis custodiet ipsos custodes

Pierluigi Paganini

Sources: CDM and CISPA

February 11, 2013
