Putting the Cyber Intelligence Sharing and Protection Act (CISPA)

The implementation of the Cyber Intelligence Sharing and Protection Act (CISPA) sparks a new debate because some of the clauses appear to be ineffective or unnecessary. As the bill passed through the House, the Senate should have considered enhancing or correcting various sections of it, because the Senate is always a better location to bargain agreements about what would have been done to the bill before the completion of its legislative process.

The Core Notion Behind CISPA

Although the CISPA needs to be improved in various areas before it can be used successfully, it currently has broad agreement on the core notion that sharing information about cyber threats will strengthen the country's security posture. The CISPA, as currently constituted, will significantly improve the situational awareness of the country's law enforcement authorities and front-line Information Technology professionals by breaking down various legal barriers that have been discouraging the process of information sharing among and between the private and the public sectors (Craig, Valeriano, & Bren, 2016).

Positive Components of the CISPA

Additionally, the CISPA benefitted from a broad range of significant refinements when it moved through the committee stage and the debate processes on the floor of the house. One of the positive components of the Act is that it stipulates that the government of the United States can only use the information it acquires from the private sector for cyber security purposes. Additionally, the Act has narrowed the definition of what constitutes a cybersecurity (Jasper, 2016). As currently constituted, the Act also considers various government civilian agencies such as the Justice system, as well as the Department of Homeland Security as the primary hubs for the private sector, to make various reports regarding potential cyber threats. Such civilian government agencies also have the authority of oversight for privacy concerns as provided for in the Act (Craig, Valeriano, & Bren, 2016). Another positive aspect of the CISPA is that it makes it clear that it does permit the U.S government agencies to engage in activities relating to surveillance of U.S citizens (Jasper, 2016).

Additional Improvements to the CISPA

However, despite having such positive components, the law still requires some additional improvements aimed at strengthening the positive provisions and scraping off various negative parts that appear to be of no benefit in achieving the intended goal of the CISPA. There is a great need to the Senate to reconsider the state of the Act as currently constituted and make various changes that will receive support from a majority of American citizens and various stakeholders.

Voluntary Sharing of Cyber Threat-Related Information

One of the improvements that need to be made on the CISPA is that the sharing of cyber threat-related information with different government agencies should be voluntary and the government need not apply force when seeking such information from the citizens. The CISPA should not have defined mandates due to several good reasons. One of such reasons is that the lack of a defined mandate would make it easy for the information sharing process and even improve the quality of the information shared among and between the public and the private sectors. That is because defining mandates for the CISPA, as currently constituted, implies rules and regulations which are likely to stagnate the speed of information gathering from both the public and private sectors (Craig, Valeriano, & Bren, 2016). Having a voluntary version of the CISPA with fewer rules and regulations will help in promoting the adoption of the law, as well as the speed of detecting and preventing fast-moving cyber threats effectively.

Liability Protection and Civilian Agencies

Another change that needs to be done on the CISPA is that the Act should clearly stipulate that companies and organizations will only be entitled to liability protection if a civilian agency becomes their first contact point in the process of sharing cyber threat information with various government agencies. Providing such a specification in the CISPA is critically significant because it is the civilian agencies that are best equipped to address issues relating to civil liberties and privacy. That does not, however, imply that companies and organizations should be barred from sharing information with any government agency of their choice (Jasper, 2016). If a company, for example, is already sharing information with any government agency legally, then that correlation should continue. However, there should be a simple directive or rule in the CISPA specifying that liability protection is only available when a civilian agency becomes one's first stop in the process of information sharing.

Enforcing Cyber Threat Information Sharing Contracts

Another adjustment that would be necessary to make CISPA more effective is that it should include a clause that will hold companies accountable for honoring various contracts that restrict the types of cyber threat information that people may share with the government. It is a common practice, for example, for companies to include such details in their user agreements and other different contexts. If such contracts get violated, then the law should allow the customers of such companies challenge the companies. It is understandable that organizations should not be forced to break their contractual agreements (Jasper, 2016). However, including a clause in the CISPA that clarifies such agreements would be beneficial since it would ensure that the information sharing process remains voluntary. Additionally, the standards provided in the CISPA need to be flexible and take into consideration the reality of an ever-changing landscape of cyber threat.

Conclusion

If such considerations are taken into account, the government, through the Senate, will have an opportunity to enhance the protection of civil liberties and citizens' privacy, as well as prevent government agencies from forcing companies into sharing information beyond what would be necessary or appropriate. Besides, such measures would enhance the creation of a stable cybersecurity footing that the country currently requires.

References

Craig, A., Valeriano, B., & Bren, D. (2016). Reacting to Cyber Threats: Protection and Security in the Digital Age. Global Security And Intelligence Studies, 1(2). http://dx.doi.org/10.18278/gsis.1.2.3

Jasper, S. (2016). U.S. Cyber Threat Intelligence Sharing Frameworks. International Journal Of Intelligence And Counterintelligence, 30(1), 53-65. http://dx.doi.org/10.1080/08850607.2016.1230701