White House vows to veto CISPA

The White House is threatening to veto a House cybersecurity bill that critics have condemned for encroaching on Americans’ online privacy and not going far enough to regulate critical infrastructure networks.

The Cyber Intelligence Sharing and Protection Act, or CISPA, would allow businesses to share data broadly with intelligence and other federal agencies without setting rules to protect customers’ personal information, argues a statement of Obama administration policy released Wednesday afternoon. Additionally, firms would be able to disclose data about their own security lapses without fear of punishment, White House officials said.

“The sharing of information must be conducted in a manner that preserves Americans’ privacy, data confidentiality and civil liberties, and recognizes the civilian nature of cyberspace,” the statement says.

Some free speech activists and hacker groups have likened CISPA, H.R. 3523, to an intellectual property bill, called the Stop Online Piracy Act, that died in the House amid similar criticism.

“If H.R. 3523 were presented to the president, his senior advisers would recommend that he veto the bill,” White House officials stated.

The administration goes on to say information sharing is inadequate to stanch the flow of trade secrets, personal information and other sensitive information into the hands of hackers. “Information sharing, while an essential component of comprehensive legislation, is not alone enough to protect the nation's core critical infrastructure from cyber threats,” the statement says.

The White House and a Senate cohort led by Sens. Joe Lieberman, I-Conn., and Susan Collins, R-Maine, want Congress to let the Homeland Security Department regulate the security policies of firms running networks vital to Americans, such as telecommunications lines, transit ways and water distribution systems.

Congress must require that critical infrastructure companies “are properly protected by meeting minimum cybersecurity performance standards” developed jointly by the firms and DHS, administration officials state, adding “voluntary measures alone are insufficient responses to the growing danger of cyber threats.”

The legislation “would inappropriately shield companies from any suits where a company's actions are based on cyber threat information identified, obtained or shared under this bill, regardless of whether that action otherwise violated federal criminal law or results in damage or loss of life,” White House officials state. “This broad liability protection not only removes a strong incentive to improving cybersecurity, it also potentially undermines our nation's economic, national security and public safety interests.”
