My Brookings colleague Allan Friedman, a technology and cybersecurity expert, sent over this comment on the House’s approval, yesterday, of the Cybersecurity Intelligence Sharing and Protection Act (“CISPA”). The public discourse about the bill troubles him:
For the past two years, rhetoric surrounding CISPA has been extreme and often very misleading. Opponents certainly have opted for such talk, claiming that the legislation is practically identical to last year’s Stop Online Piracy Act and Protect IP Act, two much-maligned anti-infringement bills. (It isn’t.) Supporters follow suit, claiming that CISPA could mitigate nearly every imaginable risk, from Distributed Denial of Service attacks to bank fraud to national security threats. (It couldn’t). Or consider CISPA sponsor Rep. Mike Rogers, who derided the proposal’s opponents as “14 year-olds in their basements.” (Why the barb? I would think it a good development, if indeed our country is awash in subterranean 14 year-olds interested in cyber law and policy.)
Of course, misleading rhetoric is one thing. Misleading and provocative or even dangerous rhetoric is quite another. On the House floor, Congressman Rogers praised CISPA as “a shot across China’s bow.” This crossed a line, and made me genuinely worried. Assume for the moment that its proponents are correct, and that, among other things, CISPA sets up a badly needed information sharing regime to defend against cyber attacks (after solving the organizational obstacles and creating real incentives, of course). Well, fine. Even if that is true, why should CISPA also be seen as antagonizing other countries, chiefly China? Precisely what about improving the defense of American networks also serves as a warning, that the United States will engage in more offensive cyber activities abroad?
By framing cybersecurity as an us-vs-them question, and repeatedly challenging a sovereign nation that has some understandable concerns about historic hegemony and interference, we move away from a more stable and secure cyberspace. If provoking China truly lead to the House’s approving CISPA, then today was a bad day for cybersecurity.