Cyberattacks Bring Government Attention to Security Reform

Feb. 22, 2013 -- Recent accusations of a large-scale cyber crime effort by the Chinese government left many wondering what immediate steps the president and Congress are taking to prevent these attacks from happening again.

On Wednesday, the White House released the administration's Strategy on Mitigating the Theft of U.S. Trade Secrets as a follow-up to the president's executive order. The strategy did not outwardly mention China, but it implied U.S. government awareness of the problem.

"We are taking a whole of government approach to stop the theft of trade secrets by foreign competitors or foreign governments by any means -- cyber or otherwise," U.S. Intellectual Property Enforcement Coordinator Victoria Espinel said in a White House statement.

As of now, the administration's strategy is the first direct step in addressing cybersecurity, but in order for change to happen Congress needs to be involved. So far, the Cyber Intelligence Sharing and Protection Act (CISPA) is the most notable Congressional legislation addressing the problem, despite its past controversy.

Last April, CISPA was introduced by House Intelligence Committee Chairman Mike Rogers, R-Mich., and Rep. Dutch Ruppersberger, D-Md. The act would allow private companies with consumer information to voluntarily share those details with the NSA and the DOD in order to combat cyber attacks.

The companies would be protected from any liabilities if the information was somehow mishandled. This portion of the act sounded alarm bells for CISPA's opponents, like the ACLU, which worried that this provision would incentivize companies to share individuals' information with disregard.

CISPA passed in the House of Representatives, despite a veto threat from the White House stemming from similar privacy concerns. The bill then died in the Senate.

This year, CISPA was reintroduced the day after the State of the Union address during which the president declared an executive order targeting similar security concerns from a government standpoint.

In contrast to CISPA, the executive order would be initiated on the end of the government, and federal agencies would share relevant information regarding threats with private industries, rather than asking businesses to supply data details. All information shared by the government would be unclassified.

At the core of both the executive order and CISPA, U.S. businesses and the government would be encouraged to work together to combat cyber threats. However, each option would clearly take a different route to collaboration. The difference seems minimal, but has been the subject of legislative debates between the president and Congress for almost a year, until now.

"My response to the president's executive order is very positive," Ruppersberger told ABC News. "[The president] brought up how important information sharing is [and] by addressing critical infrastructure, he took care of another hurdle that we do not have to deal with."

Addressing privacy roadblocks, CISPA backers said the sharing of private customer information with the government, as long as personal details are stripped, is not unprecedented.

"Think of what we do with HIPAA in the medical professions; [doctors do not need to know] the individual person, just the symptoms to diagnose a disease," Michigan Gov. John Engler testified at a House Intelligence Committee hearing in an attempt to put the problem into context.