Rep. Will Hurd (R-Texas), a freshman who is the chairman the Information Technology Subcommittee of the Committee on Oversight and Government Reform, told the Federal Drive with Tom Temin thatCISA will help prevent another major private sector cyber breach while protecting the sensitive personal information of individuals.
“It’s going to have liability protections and at the end of the day, I think we’re also going to make sure we’re protecting civil liberties,” Hurd said. “This is about sharing information. This is not about creating an intelligence organization and we’ve got to remember that. We can protect our digital infrastructure and our civil liberties at the same time.”
The bill encourages companies and the government to trade data about cybersecurity threats. Supporters of the bill say it would let the government provide damage control to companies such as Sony and Target in the event of a massive data breach.
Hurd said the bill has bipartisan support and addresses an urgent issue.
“It needs to be done, and this is one area where Republicans and Democrats in the House and the Senate and the White House are all in agreement,” he said.
Now the bill goes to a conference committee to sort out the differences between the House and Senate bills. The conference committee likely will happen after the new year.
Some privacy proponents, however, say CISA goes too far. Sen. Ron Wyden (D-Ore.), a member of the Select Committee on Intelligence, said the federal government shouldn’t be trusted with more personal information after the massive Office of Personnel Management data breach.
“Strengthening privacy goes hand in hand with better cybersecurity. Sharing more personal information with the government heightens the risk that hackers will poach data from an insecure federal database, and adds background noise from information unrelated to cyber threats,” Wyden said after CISA passed in the Senate.
But Hurd and other supporters say the risks are growing quickly, and the legislation helps both government and industry deal with those increased attacks.
Hurd said vulnerabilities in the federal supply chain security pose a greater risk to cyber attacks.
“When you look at some of the major hacks, it’s usually because somebody, a third party provider, is the one that didn’t have the same protections in place. And that’s something that should be a question and will be a question as we go forward in looking at the implementation of all these laws,” he said.
Cybersecurity priorities don’t stop at CISA, Hurd said.
“This is not even the first chapter of the book. This is the preface. So we’re creating an environment and framework in which to share information, and this is the first step,” he said. “This is the first step to ensure the federal government’s sharing as much information as it possibly can with the private sector, so the private sector can help protect itself.”
Hurd wants full funding for the Department of Homeland Security’s EINSTEIN system, which is meant to create a governmentwide perimeter around agency networks — something the current two-year budget deal doesn’t offer.
“When it comes to cybersecurity, there’s not one silver bullet. You’ve got to do a lot of different things. It’s about following best practices and EINSTEIN’s one of those,” Hurd said. “I want Homeland Security to get it up and running. Let’s get it on as many ISPs as we can. Let’s start sharing the data across the federal government and sharing that with the private sector as well as what we’re learning from those types of intrusions that it’s blocking. I think Homeland Security is poised to be able to do that.”