The controversial Cyber Intelligence Sharing and Protection Act (CISPA), which would pave a clear legal path for private companies to share more cyber information with the federal government, is a "little ill" but not "dead yet," House Intelligence Committee Chairman Mike Rogers (R-MI) said today. Speaking at an event hosted by the Center for Strategic and International Studies (CSIS), Rogers said that despite the "perception" damage caused by former NSA contractor Edward Snowden "we think there is some hope we can continue to move this particular piece of legislation."
The Senate is working on introducing a revised version of CISPA and Rogers said that he has been working on "confidence builders" to overcome some of what he characterized as misperceptions regarding some of the privacy concerns in previous bills. "I do think there is a path forward on this. I don’t believe we can walk away from this most [urgent] security threat to the United States that we are not prepared to handle."
Rogers also said that Congress is working on a package that would reform the security clearance process in the wake of revelations that Edward Snowden, Chelsea Manning and the Navy Yard shooter all had high-level security clearances. "We’re putting together a package now of changing from a 1950s style 'is candidate A a good American?' [to] a more dynamic review for individuals who are seeking security clearances."
On the other hand, expedited security clearances for the private sector are important given that most assets which need to be protected are in private hands, according to Michael Hayden, former NSA and CIA Director. "The private sector really needs to have clearances and it can’t be stingily metered out by ones and twos by a government that is thinking 'this is fundamentally our stuff,'" Hayden said.
Rogers also defended the NSA's interception of French citizens' phone calls, the latest bombshell report flowing from the Snowden leaks. Terrorists and criminals "use French networks, they use U.S. networks. They don’t care about borders or treaties," he said. "They will use any and every network on the face of the earth. It would be irresponsible for our agencies not to pursue them where they work."
Former Homeland Security Secretary Michael Chertoff echoed Rogers' comments. "It shouldn't be surprising that that activity occurs. You can move the electrons around the world multiple times and it’s always difficult to prove where something comes from."
The security threats in cyberspace are growing rapidly, with some nation-states, such as Iran and North Korea, gaining greater sophistication while the number of potent non-state actors continue to multiply, according to Senior CSIS Fellow James Lewis. Citing an EU representative, Lewis said there are twenty to thirty high-end criminal groups that have the capabilities of nation-states.
"Most of them live in countries that begin with 'R', and it's not Romania," Lewis said. Moreover, "we’ve seen the commoditization of cyber attacks. People will be able to go online and buy tools that let them go after targets."