Cyberattacks bill moves in House
WASHINGTON — A House panel voted overwhelmingly on Wednesday in favor of a new data-sharing program that would give the federal government a broader role in helping banks, manufacturers and other businesses protect themselves against cyberattacks.
The bill, approved 18-2 by the House Intelligence Committee, would enable companies to disclose technical threat data to the government and competitors in real time, lifting antitrust restrictions and giving legal immunity to companies if hacked, so long as they act in good faith. In turn, companies could get access to government information on cyberthreats that is often classified.
It's a defiant move by pro-business lawmakers who say concerns by privacy advocates and civil liberties groups are overblown.
But even while the panel's approval paves the way for an easy floor vote next week, the legislation has yet to be embraced outside the Republican-controlled House. Last year, a similar measure never gained traction and eventually prompted a White House veto threat.
“We've struck the right balance,” said Rep. Mike Rogers, R-Mich., the committee's chairman. “It's 100 percent voluntary. There are no big mandates in this bill, and industry says under these conditions they think they can share (information), and the government can give them information that might protect them.”
The Cyber Intelligence Sharing and Protection Act, or CISPA, is widely backed by industry groups that say businesses are struggling to defend against aggressive and sophisticated attacks from hackers in China, Russia and Eastern Europe.
Privacy and civil liberties groups have long opposed the bill because they say it opens America's commercial records to the federal government without putting a civilian agency in charge, such as the Homeland Security Department or Commerce Department.
That leaves open the possibility that the National Security Agency or another military or intelligence office would become involved, they said. While the program would be intended to transmit only technical threat data, critics said they worry that personal information could be passed along, too.