Trade organization the Business Roundtable issued a 32-page report this week backing the approach taken by the House of Representatives to fight cybersecurity threats. That approach, the bill called the Cyber Intelligence Sharing and Protection Act (CISPA), passed the House. The Senate proposed another bill called the Cybersecurity Act of 2012. The House bill passed, but the President didn't think it offered enough protections for American Internet users' privacy rights. He supported the Senate's version of the bill which took a more regulatory approach to protecting critical infrastructure. Both bills were opposed by various internet rights groups because of the vague language they offered when it came to information sharing between corporations and government agencies like Homeland Security and the NSA.
In its 32-page report, the Business Roundtable said that it preferred the approach taken by the House last year. The Business Roundtable supporting this bill should be troubling to rights groups and Internet users because of who its members are. The group is made of CEOs at various businesses in the U.S. including some technology companies, service providers and even retailers and financial institutions. Member companies include American Express, AT&T, Bank of America, Citigroup, Dell, Fedex, IBM, Conoco Phillips, Microsoft Corporation, Motorola Mobility (owned by Google), NASDAQ, Target, Texas Instruments, Time Warner Cable, UPS, Verizon Communications, Viacom, Visa, and Yahoo – just to name a few.
While the group soundly rejects new federal cybersecurity regulations it is willing to accept a more self-regulatory approach in which private companies would work with the government to secure critical infrastructure against cyber threats. The problem is that the report offers no solutions on how two-way sharing would be balanced with the privacy rights and security of Internet users. What information would be shared freely, what would trigger the ability for a company to share that information with a government agency, and what legal steps would have to take place before any of this was allowed to happen.
"The private sector should collaborate by sector, and potentially across sectors to deploy mitigation strategies based on the outcome of threat-informed risk assessments," the group wrote in its report. "Both the private sector and the government should invest in advanced and collaborative risk management and mitigation capabilities to keep pace with evolving threats."
As part of its proposals, the group asked Congress and the Obama administration to create a task force of senior leaders to oversee and report on risk mitigation efforts between the private sector and government.
"We are very supportive of the CISPA bill," said Liz Gasster, vice president of Business Roundtable. "For that to happen between the private sector and the government, Congress has to remove current legal barriers," she added.
Gasster said that concerns raised by privacy groups had been addressed in the final version of CISPA that was finally passed by the House. Any privacy issues then could be addressed through subsequent legislation, she added.
You can read the full report here.