Foxx Statement on Passage of Cyber Intelligence Sharing & Protection Act

Congresswoman Virginia Foxx (R-NC) today issued the following statement upon voting in favor of H.R. 624, the Cyber Intelligence Sharing & Protection Act (CISPA):

“The United States government and American businesses are targeted by malicious cyber attacks every day. The people and foreign governments behind these attacks attempt to steal personal information, poach intellectual property, damage critical infrastructure, and disrupt commerce – each of which could be devastating to national and economic security. To build better defenses it would help if our government and private enterprises had the option to communicate with each other about current attacks and threats coming on the horizon. Right now, they can’t. The law prohibits them from doing so, leaving each to fend for themselves. The Cyber Intelligence Sharing & Protection Act will open channels of communication so government and businesses can work together, if they choose, to ward off cyber threats.”

H.R. 624 will improve internet security by allowing federal intelligence personnel and private-sector companies to communicate with each other about cyber threats.  Such information sharing will help companies better protect confidential information from future online attacks. Additionally, CISPA ensures all information transmitted as part of intelligence sharing only be used for cyber-intelligence purposes.

CISPA was approved by the House of Representatives by a bipartisan vote of 288-127. On April 10, 2013 it passed the House Intelligence Committee by a vote of 18-2.

In response to privacy concerns, the House Intelligence Committee has supplied the following information:

• -     CISPA provides strong protections for privacy and civil liberties while still enabling effective cyber threat sharing and providing clear authority for the private sector to defend its own networks.
• -     CISPA permits only private sector identification and sharing of cybersecurity threat information when a company is engaged in the protection of its own systems or networks, or those of a corporate customer.
  • *     The bill provides no new authorities to the government to monitor private networks.
  • *     The bill does not require anyone to provide any information to the government; all sharing of information with the government is voluntary.
  • *    The bill also makes clear that it does not allow the government to “task” private sector entities to provide information to the government or require information sharing with the government in exchange for receiving classified threat information.
  • *     The bill explicitly permits the private sector to restrict the information it shares, including anonymizing or minimizing the data, including threat information shared with the government.
  • *     The definition of a “protected entity” excludes individuals, preventing an internet service provider from sharing information about one of its individual customers.
  • *     Information shared with the government under the bill is restricted to a narrow list of uses.
  • *     The definition of “cyber threat information” was narrowed during House floor consideration in 2012 to ensure the bill’s authorities could not be misinterpreted or misused for broader purposes.
• -     CISPA  requires the Intelligence Community’s Inspector General to annually review and report on the government’s handling and use of information that has been shared by the private sector under this bill.