Cyber Intelligence Sharing and Protection Act

Floor Speech

BREAK IN TRANSCRIPT

Mr. CONNOLLY. Madam Chairwoman, this amendment represents a commonsense improvement to H.R. 624, which I support, that simply narrows the scope of the authorization for the intelligence community to share classified--I stress, classified--cyber threat intelligence with private sector entities and utilities.

As my colleagues are aware, the administration and some leading voices from the civil liberties and privacy rights communities have raised serious concerns with CISPA as reported out of the Permanent Select Committee on Intelligence. These concerns revolve around the fact that many provisions of CISPA are perhaps perceived as overly vague, or outright silent, with respect to limiting the scope of information sharing and mitigating the risk of unintended consequences.

For example, section 2 of CISPA, titled ``Cyber Threat Intelligence and Information Sharing,'' is silent on what specific purposes classified cyber threat intelligence may be used, retained, or further disclosed by a certified entity. As reported, section 2 only requires that the DNI's procedures governing the sharing of classified cyber threat intelligence between the intelligence community and private sector entities be ``consistent with the need to protect the national security of the United States'' and used by certified entities ``in a manner which protects cyber threat intelligence from unauthorized disclosure.''

In this particular instance, I believe the concerns raised over the potential unintentional consequences from vagueness are real, valid, and ought to be addressed. I also believe it's a false choice that we must somehow choose between effective cybersecurity initiatives on the one hand and preserving the sacred civil liberties and privacy rights we hold so dear as a Nation on the other. In many cases, defining or limiting the scope of authority would go a long way toward addressing the privacy concerns that have been raised with respect to this legislation.

To be clear, I want to recognize that the sponsors of CISPA have already engaged in good faith efforts to incorporate and address outstanding concerns with respect to the legislation that were held by the administration and other stakeholders, and I think that needs to be recognized.

On that note, I am pleased that my amendment that was made in order represents a straightforward improvement, I hope, to CISPA that's consistent with the sponsor's stated commitment to enhancing cybersecurity, safeguarding privacy rights and civil liberties, and ensuring oversight of activity. The amendment simply establishes that, with respect to CISPA's requirements, the DNI establish procedures to govern the sharing of classified cyber threat intelligence--that this classified cyber threat intelligence may only be used, retained, or further disclosed by a certified entity for cybersecurity purposes.

As noted by the ACLU in its statement of support for the amendment, it's consistent with similar restrictions limiting the scope of other information sharing activities addressed in other parts of the bill. The straightforward enhancement will be one of many needed improvements to the bill that will ensure it is a targeted, well-defined bill that directly--and only--strengthens our national cybersecurity.

With that, I reserve the balance of my time.

BREAK IN TRANSCRIPT

Source