As the former Ranking Member of the House Intelligence Committee, I am frequently asked what keeps me up at night. Other than weapons of mass destruction, I am most fearful of a catastrophic cyber attack that could contaminate our water supply, disrupt the power grid, bring the banking world to a screeching halt --or worse.
Every day, government and private computer networks are under attack from foreign nations like China, terrorists and hackers trying to uncover sensitive military information and swipe trade secrets from American businesses. Already, hackers have tried to steal everything from pharmaceutical formulas to credit card records to plans for the next-generation fighter plane. Al Qaeda’s persistent efforts to breech our country’s intelligence networks are well documented.
We must act now. After four years of meetings with a broad range of private companies, trade groups, privacy advocates including the ACLU and the administration, I have reintroduced the "Cyber Information Sharing and Protection Act" to protect our national security and economy from this threat. CISPA has twice passed the House of Representatives by wide bipartisan margins in previous Congressional sessions.
Currently, the U.S government is able to use powerful supercomputers and analysts to identify malicious computer code that could be an incoming cyber attack on a government or private network. But legal barriers prevent the government from sharing this information with companies.
The “Cyber Intelligence Sharing and Protection Act” changes that. It is a narrowly-tailored bill that will allow the government to share the “secret sauce” – the malware, viruses and other malicious computer code – with American companies so they can keep a look out and stop the attack before it happens.
Participating companies would then be able to give the government real-time feedback on the cyber threats they identify on a completely voluntary basis so other networks can be protected. Analysts will use this information to better understand the attack – to identify who launched the attack, when and from where. This information will be used to protect against similar attacks in the future.
There has been a lot of misinformation in the media regarding this bill’s impact on privacy and civil properties, which are something I fought to protect throughout this process.
- Some Internet activists have wrongly compared this bill to the “Stop Online Piracy Act,” or SOPA, which targeted people who illegally download music and video files and which I opposed. The bill is intended to combat advanced cyber hackers from stealing classified military information and sensitive trade secrets from companies.
- This is not surveillance. The bill does not allow the government to monitor private networks, read private email, censor or shut down any website.
- Only information “directly pertaining to the threat” can be shared – we’re talking about computer code that looks like reams of zeroes and ones, not your tweets, emails and Facebook posts. The bill encourages companies to strip out any personal information shared with the government.
- There’s no quid pro quo. The bill expressly prohibits requiring companies to give information to the government in exchange for the “secret sauce.” Any information shared by companies is completely voluntary.
I believe this legislation is critical for our national security and our economy. I encourage you to learn more about the bill and continue to weigh in as we work through the legislative process.