1. ARTICLE 4/27/12
To view the original article please click here.
CYBERSECURITY BILL PASSES, OBAMA THREATENS VETO
By David Goldman (CNN)
NEW YORK (CNNMoney) — The House of Representatives, as expected, approved
a controversial cybersecurity bill late Thursday, staring down a veto threat. But the fight to
protect the United States from a cataclysmic cyber attack is far from over.
The Cyber Intelligence Sharing and Protection Act, which has been revised several times over the
past week, allows the government and private companies to share information with one another with
the aim of warding off cyber threats.
Companies would be incentivized to voluntarily share information with the government, and the
United States could share crucial attack information with companies.
The very first step would be to assess the damage that has been done to your personal computer.
What does that mean? The very first look in the equipment needs to be to ascertain if the computer
can still boot into Windows. This may alter things. Clearly, if your computer is not going to boot,
your first priority is to get the computer to boot into Windows.Much of that kind of information
sharing had previously been banned under existing privacy laws.
The bill passed with bi-partisan support, with 42 Democrats joining 206 Republicans to pass CISPA
248-168. That came in spite of the White House’s threat to veto the bill, citing concerns that
the bill’s language doesn’t go far enough to protect citizens’ privacy.
What happens next isn’t exactly clear — except for the fact that no action will likely
happen anytime soon. That’s a concern to security advocates and intelligence officials, who
stress that the nation remains too vulnerable to cyber threats.
The government’s top cybersecurity advisors widely agree that cyber criminals or terrorists
have the capability to take down the country’s critical financial, energy or communications
infrastructure.
2. Such a cyber attack was already launched against Iran in the Stuxnet incident, which significantly
delayed Iran’s nuclear program. The worm ordered the centrifuges in an Iranian nuclear
facility to spin out of control, ultimately destroying it.
It’s an example of how cyberwarfare is leveling the playing field. A cyber attack would be
less difficult to pull off than a 9/11-like attack, considering it could be launched from another
country and the attacker could remain anonymous. Yet it could have the same devastating impact if
attackers used cyberspace to take over our infrastructure, turn off our electricity, release toxins, or
shut down our financial system.
Venezuela, for instance, would never try to attack the United States militarily, but Venezuelan
diplomat Livia Antonieta Acosta Noguera launched cyber attacks here in January in an alleged
Venezuelan plot to disable American nuclear power plants.
“Not only did Venezuela carry it out, they thought they could get away with it,†said
Roger Cressey, senior vice president at security consultancy Booz Allen Hamilton, at a Bloomberg
cybersecurity conference held last week. “That says a lot.â€Â
If the threat is evident, the path forward is anything but. Getting CISPA or any comprehensive
cybersecurity law passed soon faces many obstacles.
The Obama administration prefers the Senate’s version of the bill, sponsored by Sens. Joe
Lieberman (I-Conn.) and Susan Collins (R-Maine), which takes a regulatory approach. The Senate
bill mandates minimum cybersecurity performance standards for private companies that control the
nation’s critical infrastructure.
CISPA, or one of several other cybersecurity bills passed in the House this week, would likely to be
reconciled with the Senate bill. Yet that bill isn’t expected to even pass the Senate, let alone
the House, due to the anti-regulatory mood currently sweeping through Congress.
Some believe that politics will ultimately stall a bill until after the November presidential election.
But other cybersecurity experts closely watching the legislative process expect lawmakers to
ultimately come together in the next few months. They believe politicians can rally behind the core
elements of the bills, including increased information sharing, enhancing law enforcement’s
authority and reform of the existing Federal Information Security Management Act.
“The bill that will eventually reach the president’s desk is not the one that [was passed
by] the House,†said Larry Clinton, CEO of the Internet Security Alliance.
“That’s understood and expected. But the core issues have broad support, and if a bill
addresses all those issues, the president would sign it.â€Â