Not Another SOPA: U.S. President Asks Senate to Pass Cybersecurity Act */?> Not Another SOPA: U.S. President Asks Senate to Pass Cybersecurity Act

Posted by · July 20, 2012 4:24 pm

As the latest version of the Cybersecurity Act of 2012—CISPA’s sister legislation—made its way to the Senate floor on Thursday night, President Obama took to the opinion section of the Wall Street Journal to express his administration’s concern about “security gaps that have to be filled” with comprehensive cybersecurity legislation.

“It doesn’t take much to imagine the consequences of a successful cyber attack,” the President wrote. “In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home.”

This is a given. With the connection of everything from the nation’s financial system to local utility grids to the World Wide Web, it is imperative that proper safeguards are instated to prevent a data-breach-induced financial or health crisis. To adequately meet such a need, part of the process must involve the modernization of laws governing the sharing of certain types of information between private companies and government.

To put this need into perspective, the President continues his op-ed by giving similar standard-setting policies that are integral to this cooperative relationship between private enterprise and public need:

The American people deserve to know that companies running our critical infrastructure meet basic, commonsense cybersecurity standards, just as they already meet other security requirements. Nuclear power plants must have fences and defenses to thwart a terrorist attack. Water treatment plants must test their water regularly for contaminants. Airplanes must have secure cockpit doors. We all understand the need for these kinds of physical security measures. It would be the height of irresponsibility to leave a digital backdoor wide open to our cyber adversaries.

Interesting approach to computer securityThis seems reasonable. By setting minimum security standards for businesses that deliver fundamental goods and services, such a policy is intended to protect the interests of company and public alike.

However, close calls involving highly invasive bills including the Stop Online Piracy Act (SOPA), Protect Intellectual Property Act (PIPA), and Cyber Intelligence Sharing and Protection Act (CISPA), many are inclined to immediately cringe at the thought of yet another cybersecurity bill. This is also understandable, and the President was sure to address such concerns as he approached the conclusion of his opinion piece (emphasis added):

Cybersecurity standards would be developed in partnership between government and industry. For the majority of critical infrastructure companies already meeting these standards, nothing more would be expected. Companies needing to upgrade their security would have the flexibility to decide how best to do so using the wide range of innovative products and services available in the marketplace. Moreover, our approach protects privacy and civil liberties of the American people. Indeed, I will veto any bill that lacks strong privacy and civil-liberties protections.

A closer look at the Cybersecurity Act of 2012 (see entire bill below) which the President supports reveals a piece of legislation that is in fact far more palatable in comparison to its more widely sweeping predecessors. In a blog post about the revised bill, the Electronic Frontier Foundation—an outspoken critic of SOPA and PIPA—expressed that it was pleased with the clear progress that has been made.

“This new bill drastically improves upon the previous bill by addressing the most glaring privacy concerns,” the EFF confirmed. “This is huge, and it’s thanks to the outcry of Internet users like you worried about their online privacy.”

Such improvements, as the blog post points out, include ensuring that only civilian agencies (not paramilitary and intelligence agencies) are managing cybersecurity; limiting and clearly defining the instances in which information sharing is appropriate; narrowing the scope of use of said information by law enforcement; underscoring specific protections against classifying protected speech and terms of use violations as “cybersecurity threats”; and even specific assurances that the bill does not authorize the obstruction of net neutrality.

However, the rights group added, “we remain unpersuaded that any of the proposed cybersecurity measures are necessary and we will have concerns about certain sections of the bill, especially the sections on monitoring and countermeasures.”

With debate on the bill in its current form set to take place starting next week, such progress warrants a partial sigh of relief. Having not yet read the entire 211-page bill myself, I am not in any position to offer a conclusive take on the bill. Nevertheless, given the increased consideration by legislators to the free speech and privacy concerns of the American people, it is encouraging to know that the process is moving in a positive direction.

And so long as that room for dialogue is preserved, I am confident that a workable balance that preserves individual rights while allowing for the modernization of our critical digital infrastructure can be reached.
Cybersecurity Act of 2012

To read more about the Cybersecurity Act of 2012…