Green 1 Patrick Green Mr.

Tootalian English 12 24 April 2014 Greens Summary of How CISPA works Government involvement to any degree tends to come along when some thing a lot of people use becomes massively popular with little regulation. As the Internet grows, so does cyber crimes and piracy. The governments answer was to purpose CISPA, an amendment to an already existing security measure that would allow very open access to information on very vague limitations. With recent findings and NSA leaks, the general public seems to be distrustful of their own government. But rewinding about a year ago, before these massive leaks, CISPA was purposed. CISPA stands for Cyber intelligence Sharing and Protection Act with a seemingly good intent. The aim of the new section is to allow and encourage agencies of the federal government, private-sector companies and utilities to share cyber threat intelligence with each other in a timely manner in order to prevent disruption or harm to vital infrastructure due to attacks on the computer systems and networks of these entities.(Johnson). Simply put, the bill intends to allow companies and corporations to freely share information of cyber attacks and cyber threats to better protect the mselves against threats online. Some examples of these threats include Distributed Denial of Service Attacks (DDoS) which essentially overloads the server with too many requests, thus halting traffic or crashing the server, and Phishing, which typically involves clicking an infected link blindly, expecting something else. The main concern about CISPA is that the terms and conditions of information distribution and sharing are not clearly defined. One issue is that it uses blanket terms like "cyber threat intelligence" rather than strictly

Green 2 defining the types of data that can be shared, which could potentially allow companies to obtain and share any sort of information, including personally identifying information (PII), private communications and the like. (Johnson). Similarly, companies in volved with the information sharing would have incredible protection against intentional wrongdoing through CISPA. The bill provides legal immunity to companies sharing information, even if it turns out they did it improperly, provided they acted in "good faith." It also allows immunity "for decisions made based on cyber threat information," but doesn't define "decisions made." From the companies' point of view, this allows them to freely share cyber threat information and to act on that information without worrying about costly lawsuits, but it could completely curtail right of an individual or entity to sue for any harm done, since it is difficult to prove that someone didn't act in good faith. (Johnson). For these reasons, CISPA was essentially dropped off the surface of the earth (or the senate) for the time being, as it is too vague with too many potential areas of abuse. CISPA ties into my aspirations of working Internet security because it involves information being pulled from somewhere for good, or bad usage. I believe that even more so in the future we will have to combat government intervention attempts of Internet regulation, and security will ideally escalate as time goes on. This article further reaffirms my career choice in internet securities to chime in and protect the users of the internet from cyber threats and malicious regulation alike.

Green 3

Johnson, Bernadette. "How CISPA Works" 18 March 2013. HowStuffWorks.com. <http://computer.howstuffworks.com/cispa.htm> 24 April 2014.