Skip to main content

All you need to know about Washington’s big cybersecurity push

CISPA
Image used with permission by copyright holder

The war over cyber war has sparked up once again. Last week, Washington saw not one but two major cybersecurity moves in the U.S. capital. On Tuesday, President Obama signed an executive order that gives federal agencies greater authority to share ‘cyber threat’ information with the public sector, a move the president touted in his State of the Union address. The same day, Reps. Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD) reintroduced the Cyber Intelligence Sharing and Protection Act (CISPA), a hotly contested bill that passed the House last year, but died in the Senate.

Given the often vague nature of cybersecurity, the denseness of proposed legislation and executive orders, and the passion for these issues on both sides, some dispassionate clarification is due. Here’s a busy person’s guide to Washington’s big cybersecurity push.

What does President Obama’s executive order do?

Obama’s executive order aims to bolster cybersecurity protections for the nation’s ‘critical infrastructure’ networks – electrical grids, dams and other power stations, water supply companies, air traffic control, and financial institutions – through increased sharing of information. Specifically, it authorizes the government to provide companies that run critical infrastructure networks with “cyber threat information.”

“It is the policy of the United States Government to increase the volume, timeliness, and quality of cyber threat information shared with U.S. private sector entities so that these entities may better protect and defend themselves against cyber threats,” the executive order reads.

The executive order also calls for the federal government to draft recommendations for ways in which critical infrastructure providers can protect themselves from cyber attacks. Companies would not, however, be required to abide by these recommendations. It will also clarify which government agencies will take part in cybersecurity efforts.

Read the full executive order here.

Does anybody think this is bad?

Not really. Pro-business think tank the Heritage Foundation praises parts of the order, but also says it’s too broad in scope, meaning it may rope in businesses that don’t really need to be involved (“like agriculture”). Heritage also worries that it won’t do a very good job of increasing sharing, and believes it may lead federal agencies to increase their regulatory reach.

Privacy advocates, however, believe the executive order strikes the right balance between increased security and protections for personal liberty, as it only allows sharing in one direction: from the government to businesses – a key distinction, as we’ll see further on.

“Two cheers for cybersecurity programs that can do something besides spy on Americans,” wrote the ACLU.

The biggest complaint concerns Obama’s use of executive orders in general, which critics say circumvents the checks and balances of our government. True as that may be, a public executive order is seen by some experts as better than one that’s kept a secret, as many have been in the past.

What does CISPA do?

Like Obama’s cybersecurity order, CISPA’s primary aim is to increase the sharing of cyber threat information (or CTI, as the cool kids call it). Unlike Obama’s order, however, CISPA allows the sharing of information in both directions – from government to business, and vice versa. Sharing is not required by the law, but it is allowed.

CISPA also provides broad legal immunity to companies that collect and share CTI with the federal government, as long as they do so “in good faith” – which might mean businesses can’t be sued or charged with crimes for collecting and sharing CTI under CISPA. Furthermore, CISPA shields the shared CTI from transparency mechanisms, like the Freedom of Information Act (FOIA).

Read the full text of CISPA here: PDF.

Does anyone think this is bad?

You betcha. Privacy advocates are particularly peeved by this bill because they fear it will let the government get its mitts on our private communications; because we won’t know what of our information is being shared, they say; and because it may take away our power to punish companies that collect and share the information they have on us.

“Our concern from day one has been that these combined power and immunity provisions would override existing privacy laws like the Wiretap Act and the Stored Communications Act,” wrote the Electronic Frontier Foundation (EFF). “Worse, the law provides immunity ‘for decisions made based on’ CTI. A rogue or misguided company could easily make bad ‘decisions’ that would do a lot more harm than good, and should not be immunized.”

As soon as CISPA’s return was announced a last week, a variety of Internet-centric civil liberties groups, including Demand Progress, Fight for the Future, EFF, Avaaz, ACLU, and Free Press, launched petitions against CISPA. On Thursday, Demand Progress and Fight for the Future delivered more than 300,000 signatures to the House Intelligence Committee in protest of CISPA. And more than 1 million people have signed anti-CISPA petitions so far.

CISPA co-sponsors, Reps. Rogers and Ruppersberger, are doing everything they can to tamp down concern over CISPA, arguing that the bill is not about spying on citizens, and that increased sharing of CTI between the public and private sectors is an no-brainer way to combat cyber threats.

On the business side, U.S. Telecom, a lobbyist group from Internet service providers; CTIA, the wireless industry’s lobbying arm; and AT&T have all come out in favor of CISPA – but we should expect far more support from the private sector. Last time around, hundreds of companies directly or indirectly (through their lobbying groups) voiced support for the bill, including tech giants like Facebook and IBM.

Why is this happening all happening now?

Because the people in our government are convinced cyber attacks are a serious problem, and getting worse. According to a December report from the Department of Homeland Security, cyber attacks on oil pipelines and electricity providers has risen 52 percent over last year. And the National Intelligence Estimate recently indicated that the U.S. is, as the Washington Post tells it, the “target of a massive, sustained cyber-espionage campaign that is threatening the country’s economic competitiveness.”

All of this comes in front of the backdrop of sustained hacks of The New York Times, Wall Street Journal, Washington Post, and Bloomberg News by Chinese hackers – high-profile attacks which put cybersecurity concerns more firmly in the public mind.

Editors' Recommendations

Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
How to change your language in Google Chrome on desktop
Chrome OS

Google Chrome supports a wide range of languages. While it'll default to English in most cases, there's nothing stopping you from changing its settings and displaying pages in Spanish, French, or dozens of other languages.

Changing your default language in Chrome takes only a few seconds, and the technique used is the same across Windows and Mac. Aside from changing your language, note that Chrome now gives you the option to automatically translate pages written in another language – making it easy to read content from around the globe.

Read more
23 of the best Netflix hacks, tips, and tricks
The Netflix home screen.

Netflix is one of the most popular streaming platforms for all things movies and TV shows. Home to an immense library of titles, the Netflix archive is constantly changing and evolving, and so are the many ways you can use your Netflix account. 

For instance, did you know you can access region-locked Netflix shows and flicks by using a VPN? Or that you can disable that pesky Autoplay feature? There are tons of Netflix hacks, tips, and tricks out there, so we’ve gone ahead and rounded up all of our favorites! 
Expand your streaming with a VPN

Read more
How to make a GIF from a YouTube video
woman sitting and using laptop

Sometimes, whether you're chatting with friends or posting on social media, words just aren't enough -- you need a GIF to fully convey your feelings. If there's a moment from a YouTube video that you want to snip into a GIF, the good news is that you don't need complex software to so it. There are now a bunch of ways to make a GIF from a YouTube video right in your browser.

If you want to use desktop software like Photoshop to make a GIF, then you'll need to download the YouTube video first before you can start making a GIF. However, if you don't want to go through that bother then there are several ways you can make a GIF right in your browser, without the need to download anything. That's ideal if you're working with a low-specced laptop or on a phone, as all the processing to make the GIF is done in the cloud rather than on your machine. With these options you can make quick and fun GIFs from YouTube videos in just a few minutes.
Use GIFs.com for great customization
Step 1: Find the YouTube video that you want to turn into a GIF (perhaps a NASA archive?) and copy its URL.

Read more