[Congressional Record Volume 159, Number 56 (Tuesday, April 23, 2013)]
[Extensions of Remarks]
[Page E509]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




             CYBER INTELLIGENCE SHARING AND PROTECTION ACT

                                 ______
                                 

                               speech of

                           HON. NITA M. LOWEY

                              of new york

                    in the house of representatives

                       Wednesday, April 17, 2013

       The House in Committee of the Whole House on the state of 
     the Union had under consideration the bill (H.R. 624) to 
     provide for the sharing of certain cyber threat intelligence 
     and cyber threat information between the intelligence 
     community and cybersecurity entities, and for other purposes:

  Mrs. LOWEY. Madam Chair, I rise in reluctant opposition to the bill. 
It is imperative that Congress take substantial action to bolster 
cybersecurity. The last major cyber bill to become law was the Federal 
Information Security Management Act in 2002, which was generations ago 
in the technology realm.
  I would very much like to support legislation that would bolster our 
defenses and improve information sharing. But CISPA falls short of 
taking the necessary steps to protect our computer and communications 
networks.
  Public and private sector networks are constantly bombarded by cyber 
attacks. Instead of compelling those administering critical 
infrastructure to share information that would mitigate the 
consequences of those attacks, the bill sets up a voluntary framework 
that provides liability protections regardless of whether or not a 
business or operator of critical infrastructure provides the government 
with any information. I cannot support a bill that provides immunity to 
those who fail to take reasonable measures to protect networks.
  Additionally, the bill does not require the private sector to remove 
irrelevant personal information before sharing information with the 
government and between private businesses. Government agencies 
receiving information from the private sector should not be given 
personally identifiable information that is of no security value. Yet, 
amendments to prevent this practice, which raises serious privacy 
concerns, were defeated in committee and prevented from being offered 
on the House floor.
  In February, President Obama issued an executive order expanding 
information-sharing from the Department of Homeland Security and 
Department of Justice to private sector operators of critical 
infrastructure. It is important that Congress take action to expand 
upon the executive order to better protect our networks. Unfortunately, 
CISPA would not adequately protect our cyber networks, and privacy 
concerns remain in this legislation.
  I look forward to working with my colleagues to advance improved 
cybersecurity legislation.

                          ____________________