House, Obama Administration nearing an agreement on CISPA

"We're still negotiating a lot of little pieces of the bill with privacy groups and the White House, and we're having great conversations with both Democrat and Republican senators now, so I'm hoping to have that wrapped up by April, where we can actually move a product in April," Rogers told the Hill.

A new version of the Cyber Intelligence Sharing and Protection Act (CISPA) was introduced in the House by Rogers and ranking member Rep. Dutch Ruppersberger (D-Md) last month. A similar joint bill passed the House last year, but died in the Senate amid administration objections.

The bill is primarily an information-sharing initiative, which would make it easier for private corporations and government entities to share information on threats, attacks and remedies in order to shore up defenses. However, at issue is the scope of the roles that the Department of Homeland Security and other government agencies would have, and how personal information will be used and protected.

The House bill as written would offer broad protection from lawsuits to companies that hand over user data to the Department of Homeland Security, which in turn would share it with intelligence agencies on a need-to-know basis. But separating out only the user data related to specific threats is an onerous process for companies, requiring significant IT investment. It is also likely that a good amount of unrelated personal information could slip through the reporting cracks, which has raised questions of privacy.

"Candidly, you don't need a lot of personal information to fight the threat," Rogers told Reuters.

Rogers said the talks have been spurred along by recent high-profile hacks at venerable institutions like the New York Times, and major technology companies like Apple and Facebook.

"What helped is that the New York Times, Washington Post and Wall Street Journal were all hacked and they talked about it publicly," Rogers said. "It is starting to raise awareness. I can feel movement."

Rogers also said that state-sponsored cyber-terrorism activity is forcing everyone’s hands. For instance, he has "a high degree of confidence" that Iran was behind the recent spate of attacks on financial institutions as well as the August 2012 attack on Saudi Aramco that took out 30,000 PCs.

"You have this non-rational actor that has the capability to cause chaos to people's networks and could be economically destructive," Rogers said.
