Mike Rogers: CISPA Defends America From Internet Predators
CISPA allows the government and private sector to defend America against these cyberattacks, writes the Intelligence Committee chairman
April 18, 2012
The Internet embodies American principles—unconstrained ingenuity and relentless progress are unleashed when people and businesses are free to share their thoughts and ideas. It fuels our economy and the innovation that makes America a global leader. But dangerous economic predators, including nation-states like China, use the Internet to steal valuable information from American companies and unfairly compete with our economy. The cost is staggering. Years of effort and billions of dollars in research and development, strategic business plans, communications, and other sensitive data—all are lost in seconds. The victims span all sectors of our economy, from small businesses to large pharmaceutical, biotech, defense, and IT corporations. Additionally, our industrial control systems, utilities networks, and critical infrastructure are at risk of sabotage.
We must all work together, government and private sector, to defend America against these predators, and we must do it in a way that does not compromise our core principles. The Cyber Intelligence Sharing and Protection Act allows us to take that first critical step of sharing information in a way that is effective but still protects our civil liberties. The bill allows the government's best cyber-resources, our intelligence, Homeland Security, and defense professionals, to share cyberthreat information with the private sector, and the private sector to voluntarily share threat information with both the government and peers in industry. Most importantly, under the bill, information sharing by the private sector is voluntary, with strong controls to ensure that personal information is protected. It allows only information directly pertaining to threats or vulnerabilities to be shared for the explicit purpose of protecting systems and networks from such threats, and it allows those in the private sector to minimize or anonymize the information shared based on their own determination of what is minimally necessary to address those threats. The bill also strictly limits the government: It cannot demand any cyberthreat information from the private sector, or withhold government information to force the private sector to share information. Moreover, information shared by the private sector must be protected from disclosure and can be used only for cyber- or national-security purposes.
At the end of the day, the Rogers-Ruppersberger bill enables the federal government to share cyberthreat information with those in the private sector so they can protect their networks. The bill works because it hinges on the basic American principles of freedom, teamwork, and putting power in the hands of the private sector, not the government.