From the moment that Japan attacked Pearl Harbor, America learned that it is not an impenetrable fortress protected by thousands of miles of ocean, and on September 11, we were tragically reminded of that fact. Likewise, there is a new kind of threat to the United States that knows no territorial boundaries, but this one travels neither by land, by sea or by air. It’s the threat to America’s cyber security, and today Congress has the opportunity to do something about it.
Whether you know it or not, hackers are busy at work all around the world striking the United States via the Internet in an attempt to steal valuable intellectual property and sensitive information. Using the same methods, these perpetrators of cyber espionage could attack the critical infrastructure that keeps America running, such as the nation’s power grid and water supply.
China is a major cyber espionage culprit. According to the House Permanent Select Committee on Intelligence, U.S. companies have reported Chinese attempts to steal client lists, merger and acquisition data, pricing information, and the results of research and development efforts — all of which gives foreign companies an unfair competitive advantage. That intellectual property theft also costs big money — ranging up to $400 billion per year, not to mention the jobs that go along with it.
Though the United States government has the capability to protect itself against cyber espionage by using both classified and unclassified cyber threat information, the private sector doesn’t get the benefit of this information. Today, the House of Representatives will vote on a crucial bill to do something about it — the Cybersecurity Information Sharing and Protection Act (CISPA), introduced by House Permanent Select Committee on Intelligence chairman Mike Rogers (R-MI) and ranking member Dutch Ruppersberger (D-MD).
Under CISPA, the U.S. government will be able to share information about incoming cyber attacks — that includes providing American companies details on malware, viruses, and other malicious code that pose a threat to their security. That way, attacks can be stopped before they even begin. For their part, the companies would be encouraged to share information about the threats they identify — all on a completely voluntary basis — so that other networks can be protected. And that’s valuable information that computer analysts can use to understand the attack, who launched it, where it’s coming from, and how to protect against other attacks like it.
Civil liberty advocates and other critics of the bill have raised concerns that CISPA is a threat to privacy or could result in the blocking of websites, as was the worry with the Stop Online Piracy Act. However, nothing could be further from the truth
Analysis of the bill shows that CISPA does not allow for any blocking of websites but merely facilitates the sharing of cyberthreat information. It gives no additional authority to the Department of Defense, the National Security Agency, or any other “element of intelligence community to control, modify, require or otherwise direct the cybersecurity efforts of a private-sector entity or a component of the Federal Government or a State, local, or tribal government.”
In addition, the bill includes new measures that would allow the government to use shared cybersecurity information only for a cybersecurity purpose, for a national security purpose, to prevent death or serious bodily harm, or to protect minors from sexual exploitation, kidnapping, and trafficking. That’s in addition to other protections against the improper use of data.
Rogers warns that, “Without important, immediate changes to American cybersecurity policy, I believe our country will continue to be at risk for a catastrophic attack to our nation’s vital networks – networks that power our homes, provide our clean water or maintain the other critical services we use every day.” Rogers is right. As Americans know all too well, the United States is not invincible. Though the nature of the threats may change, the need to defend ourselves remains. The Cybersecurity Information Sharing and Protection Act is a valuable resource in that fight.