It died in the 113th Congress, but supporters of controversial cyber-security legislation are hoping to revive it next year, now that a high profile hack has the nation’s media transfixed.
“A lot more needs to be done,” said President Obama speaking to reporters on Friday about the matter. “We’re not even close to where we need to be.”
He then made a pitch for the government to have capabilities laid out in the Cyber Intelligence Sharing and Protection Act (CISPA). That bill passed the House of Representatives in 2013, despite concerns about it potentially enabling the improper transfer of personal data to US government networks.
“One of things in the new year that I hope congress is prepared to work with us on is stronger cyber security laws that allow for information sharing across private sector platforms as well as the public sector,” the president said.
Upping the threat level while making a similar appeal on Friday after the President, outgoing chair of the Senate intelligence committee Dianne Feinstein (D-Calif.) told CNN that “we are going toward bloodshed” in the absence of new cyber-security legislation.
“Attacks can come in a number of different ways. You can be attacked on the electrical system…We’re getting into the arena of major attacks,” she claimed, before calling for the passage of a bill that allows companies to “share information both with each other and through a portal with the government.” Sen. Feinstein added that companies should “be protected from liability for so doing.”
Privacy groups like the Electronic Frontier Foundation argue that CISPA, a law she was almost certainly referring to, is written too broadly and infringes on personal privacy.
“It allows companies to hand over large swaths of personal information to the government with no judicial oversight—effectively creating a ‘cybersecurity’ loophole in all existing privacy laws,” the organization said on its website.
Testifying before the House Intelligence Committee last month, NSA chief Admiral Mike Rogers claimed that there is a possibility of “catastrophic failures” from cyber-attacks in the future. He also acknowledged, however, that Americans had “very valid” privacy concerns about legislation like CISPA.
Adm. Rogers called for a transparent dialogue with the public about exactly what type of information could be shared between companies and the US government as part of CISPA or any cyber-security legislation. During the hearing, Rep. Adam Schiff (D-Calif.) suggested such measures should come with increased privacy protections that would require companies to strip out sensitive personal data from information shared with the government in attempts to defend the country against a cyber threat. In response, Adm. Rogers said he was open to the idea.
The NSA head, nonetheless, made no attempt to refrain from inducing panic in a similar way to Sen. Feinstein on Friday. When asked by a member of the panel about the possibility of a “Pearl Harbor-style cyber attack” hitting the US, he said it was a question of when, not if.
“I bet it happens before 2025,” he told lawmakers.