Cybersecurity setback in presidential debates

29 Oct 2015

A Quick Guide to the Cybersecurity Bill Passed by the U.S. Senate.

TODAY: STATE TO HEAR ABOUT ‘CYBER PRODUCTS,’ CLASSIFICATION AS WEAPONS — A State Department advisory group on arms export issues meets this afternoon to discuss whether “cyber products” should be added to the U.S. The Senate passed the Cybersecurity Information Sharing Act (CISA) on Tuesday, a controversial bill that has technology companies and security advocates concerned over future data protections. CISA would force websites and tech firms to share user information with the government, so long as that information fits an astonishingly vague description of a “cyber threat.” The newly successful CISA is recycled from a less-popular model. A department official told MC the State has no intention of adding cybersecurity products potentially subject to export controls overseen by the Commerce Department, which is debating how to restrict international sales of “intrusion software.” Asked what constitutes a “cyber product” for purposes of State regulations, the official pointed to a section of the International Traffic in Arms Regulations that mostly pertains to systems meant to evade interception of electromagnetic signals. Critics counter that the bill would allow the government to violate privacy boundaries, and that it would not in practice prevent security breaches from hackers at all.

But that section – XI(b) – also cites “electronic systems or equipment designed or modified to counteract electronic surveillance or monitoring” as a potentially controllable item under ITAR. The thinking behind the bill is that sharing information would better prepare the country against hackers, although the bill does not clearly define how information collected would be disseminated or who would ultimately be in control.

The House of Representatives passed a precursor to CISA—the Cyber Intelligence Sharing and Protection Act (CISPA)—in 2013, but the bill’s progress stopped when Pres. CYBERSECURITY INSURANCE MARKET HAS ROOM TO GROW — The average take-up rate of cyber insurance in the U.S. is 24 percent, according to a survey by the Council of Insurance Agents & Brokers of 75 cyber experts working at 53 brokerages. The Senate rejected amendments, including one addressing concerns that companies could give the government personal information about their customers. The US Chamber of Commerce, the country’s largest business group, lobbied hard for the bill, stating on its website that to overcome obstacles arising from cybersecurity threats, private-public partnerships must form and share information. “In an interconnected world, economic security and national security are linked,” said Thomas J. A majority of brokers noted that it’s still difficult selling to small and medium enterprises – they have a mindset that they’re just not likely to be a cybercrime victim.

Donohue, the chamber’s CEO. “To maintain a strong and resilient economy, we must protect against the cyber attacks. “The legislation passed by the Senate today bolsters our cyber defenses by providing the liability protections needed to encourage the voluntary sharing of cyber threat information,” in a statement released by the Telecommunications Industry Association and quoted in The Guardian. Technology companies, such as Twitter, Apple and Google, opposed the bill on the grounds it would increase government spying, while the protections currently tendered in the bill do not go far enough to actually work. Lawmakers will look at restrictions that countries place on data that moves across their borders, as well as the economic implications of those policies. Dianne Feinstein, D-Calif., and Richard Burr, R-N.C., said the measure was needed to limit high-profile cyberattacks, such as the one on Sony Pictures last year. “From the beginning we committed to make this bill voluntary, meaning that any company in America, if they, their systems are breached, could choose voluntarily to create the partnership with the federal government.

The White House expressed its support for CISA earlier this year. “Cybersecurity is an important national security issue and the Senate should take up this bill as soon as possible and pass it,” White House spokesperson Eric Schultz told The Hill in August. “CISPA is nearly identical to CISA. The 1 p.m. hearing lands between two other data hearings that day: Two House Energy & Commerce panels will hold a morning 10 a.m. hearing on negotiations to replace the U.S.

The bill approaches information sharing from the same framework,” Mark Jaycox, an analyst with the Electronic Frontier Foundation, said. “The Senate bill [CISA] is just smarter with workarounds.” Both bills would offer immunity to companies if they turned over information to the government in order to expose broadly defined “cyber threats.” CISA contains only minor updates, which activists say make the bill more potent than its predecessor. “CISPA was pretty overt in saying ‘the National Security Agency is going to be the lead in this, it’s going to collect the information,’” Jaycox said. “CISA says the Department of Homeland Security will be the lead in this, but the DHS has to automatically share it with the NSA … There are small, sly changes like that within CISA.” In 2011 and 2012, the Internet rallied against SOPA and PIPA, two controversial bills that would have given the government new powers to block websites that violated copyright. With a similar bill already having passed in the House in April, both chambers would have to merge their legislation and vote again before President Obama could sign it into law. High-profile cybersecurity breaches at Sony Pictures, Home Depot, the Office of Personnel Management and dozens of other organizations within the past year alone helped CISA make its way to the Senate floor.

Whether Obama will veto such a bill depends on if its final passage meets his own standards on security and privacy, said Nathan White, a senior manager with the digital rights group, Access, to the National Review. “The administration’s policy up to this point has been very clear,” he said. “It has supported CISA’s process but expressed concerns that it is currently dangerous to cybersecurity.” What Obama wants is legislation that fosters information sharing “while carefully safeguarding privacy, confidentiality, and civil liberties, all the while preserving the long-standing respective roles and missions of civilian and intelligence agencies,” and CISA “upholds these principles,” Schultz said. With PIPA and SOPA you had literally tens of millions of people engaged, writing and calling Congress, posting blackouts on their sites… I don’t think it’s quite the same scale.” The Department of Homeland Security established its United States Computer Emergency Readiness Team (US-CERT) in 2003 to collect, analyze, disseminate and respond to cybersecurity information shared among government agencies, the private sector and researchers. The Sunshine in Government Initiative, a Washington organization that promotes open government policies, urged the Senate last week to support Leahy’s amendment.

Participation is voluntary and companies have long been reluctant to tell the U.S. government about their security failures. “Passing the bill will have no effect on improving cybersecurity,” said Alan Paller, director of research for the SANS Institute. “That’s been demonstrated each time sharing legislation has been passed. The thinking is that this shared information will help these different groups better prepare themselves to identify and defend against hackers trying to steal information from their computers. The cost to companies of disclosing their failings is so great that they avoid it even if there is a major benefit to them of learning about other peoples’ failings.” Cyberattacks have affected an increasing number of Americans who shop at Target, use Anthem medical insurance or saw doctors at medical centers at the University of California, Los Angeles. The U.S. and the technology industry already operate groups intended to improve sharing of information among the government and businesses, including the Homeland Security Department’s U.S. Ron Wyden (D–Ore.), Al Franken (D–Minn.), Patrick Leahy (D–Vt.) and Dean Heller (R–Nev.) have lined up against the bill, along with presidential candidates Sens.

Critics say that the process of passing customer information to government agencies or other third parties creates new opportunities for data to be stolen. They also argue the bill fails to address the real reasons hackers are able to steal data—including outdated software, malware and unencrypted files—and that because information sharing would be voluntary, a lack of participants could undermine the program. Attorney General has 180 days to finalize a plan for collecting and disseminating cyber-threat data. *Editor’s Note (10/28/15): This sentence was edited after posting to clarify that the version of CISA passed October 27 does not require participants to remove personally identifiable information.
