The House of Representatives last week approved a controversial cybersecurity information-sharing bill despite a veto threat from President Obama that makes further action on the measure unlikely.
H.R. 624, the “Cyber Intelligence Sharing and Protection Act” or CISPA, would establish procedures for the Director of National Intelligence to share sensitive cyber threat information with private businesses and public utility operators – including operators of water and wastewater utilities – that hold appropriate security clearances. The bill would also offer liability protections for authorized recipients of cyber threat data that act based on the information. It does not include any new rules or regulations for critical infrastructure owners and operators.
CISPA won House approval on a bipartisan vote of 288-127, but the bill has attracted strong opposition from many civil liberties advocates who fear that it could prompt private companies to hand personal Internet user information over to the government. This was among the concerns that led the White House to issue a veto threat against the bill on April 16. The White House also believes the liability protections are unnecessarily broad. Notably, the veto threat also criticized CISPA’s lack of provisions for “the establishment and adoption of standards for critical infrastructure.”
The Senate is not expected to take up S. 624, but Democratic leaders in that chamber also do not appear to have enough votes to advance their preferred cyber legislation that includes critical infrastructure standards.