In April 2012, the US House of Representatives voted to pass the controversial Cyber Intelligence Sharing and Protection Act, or CISPA, which was supposed to make it easier for businesses to share information about possible cyber attacks and threats with each other as well as the US government.
However, critics of CISPA were not happy with the broad reach of the bill's language and felt that it could be used as an excuse by businesses to spy on Internet users. Microsoft first supported CISPA but later seemed to back away from the broad language, saying that any such cyber security law should "honor the privacy and security promises we make to our customers." The CISPA bill then died in Congress before a vote could be held in the US Senate.
This week, US President Barack Obama announced new executive orders designed to beef up cybersecurity without having to go through Congress. While the orders replicate some of what was proposed in CISPA, they don't require private companies to share with the government information about security threats they might have learned of. Federal agencies can offer security threat information to private companies under the order.
In a new blog post, Microsoft's Scott Charney, its Corporate Vice President for Trustworthy Computing, stated:
When reviewing the key definitions, approaches and activities outlined in the Executive Order, it is fairly well aligned with a set of global principles essential for enhancing cyber security. More specifically, it recognizes the principles of active collaboration and coordination with infrastructure owners and operators, outlines a risk-based approach for enhancing cyber security, and focuses on enabling the sharing of timely and actionable information to support risk management efforts.
Meanwhile, a revised CISPA bill made its way to the US House of Representatives floor this week. Charney mentioned the bill in his blog post, saying that it "will continue the important dialogue on the exchange of cyber threat information to help manage cyber risks." However, he did not offer Microsoft's actual opinion of the new CISPA bill, saying only, "We look forward to working with the Administration and Congress in our efforts to enhance cyber security, protect privacy and ensure the continued innovation of information technology."