House Intelligence Committee Chairman Mike Rogers (R-MI) and Ranking Member Dutch Ruppersberger (D-MD) re-introduced the Cyber Intelligence Sharing and Protection Act (CISPA) this morning. The bill has been numbered H.R. 624.
In their press release, Chairman Rogers and Ranking Member Ruppersberger confirmed that this bill is identical to the version that the full House of Representatives approved by a bipartisan vote of 248-168 on April 26, 2012. The bill sponsors also noted that CISPA had 112 bipartisan cosponsors last Congress. As with all pending legislation in Congress, the start of the 113th Congress last month required the bill sponsors to reintroduce the bill in order to begin the Congressional consideration process again this session.
The press release restates the purposes of CISPA, as follows:
- Allow the Federal government to provide classified cyber threat information to the private sector to help American companies better protect themselves from advanced cyber threats;
- Empower American businesses to share cyber threat information with others in the private sector and enable the private sector to share information with the government on a purely voluntary basis, all while providing strong protections for privacy and civil liberties;
- Provides liability protection for companies acting in good faith to protect their own networks or share threat information.
As drafted, CISPA would cover a critical component of federal cybersecurity regulation that cannot be achieved by a presidential executive order alone, which is the provision of liability protections that are necessary to provide sufficient incentives for private sector businesses to participate in a voluntary information-sharing framework. As stated in the House Intelligence Committee’s General Backgrounder to CISPA, “Too often, companies that would like to share cyber threat information with other parts of the private sector are prevented or deterred from doing so by a range of policy and legal barriers.” The bill purports to address those issues, in part, through its liability protections. CISPA also includes protections for individually identifiable information, a five-year sunset provision, and requirements for unclassified reports to Congress.
Please see our Cyber Alert for additional information on CISPA.