Cybersecurity Information Sharing Act Still Awaits Action in US Senate

Because October is National Cyber Security Awareness Month, conventional wisdom holds that the US Senate will consider cybersecurity information sharing legislation that was introduced in the spring. The Senate, however, has yet to schedule a formal vote on the Cybersecurity Information Sharing Act (CISA) (S. 754).

The proposed legislation aims to defend against cyberattacks through the creation of a framework for the voluntary sharing of cyberthreat information between private entities and the federal government. Companies may share threat indicators and defensive measures with the government, but they must institute appropriate security controls and remove personal information. Liability protection is available for companies choosing to share information, provided they implement the proper controls.

During his State of the Union address earlier this year, US President Barack Obama urged Congress to pass legislation focused on cybersecurity, including the sharing of information. The US House of Representatives passed two similar bills on information sharing in April: the Protecting Cyber Networks Act (PCNA) (H.R. 1560) and the National Cybersecurity Protection Advancement Act (NCPA) (H.R. 1731). One of the key differences between the House bills is that the NCPA authorizes sharing only with the Department of Homeland Security, while the PCNA gives companies the flexibility to share cyber threat indicators or defensive measures with a number of different government agencies.

Before a conference committee can convene and iron out differences between the House and Senate versions, the Senate must act. Media reports indicate that the Senate will likely consider the legislation after it returns from a brief recess in the second or third week of October, but no firm plans have been announced. According to published media reports, the Senate is working to limit amendments in order to fast-track debate on the proposed legislation.

There is a deep divide on whether the CISA legislation should be passed. Some businesses and industries welcome the information sharing and liability protections the Act would provide. Privacy advocates, however, warn that the Act would put individuals’ private information in the hands of the US government.

Montana Williams
Sr. Manager of Cybersecurity Practices, ISACA

[ISACA Now Blog]

Lessons Learned from Active Duty and a Decade in the Cyber World

Note: Major General John A. Davis (Retired) recently joined Palo Alto Networks as Federal Chief Security Officer. The below is excerpted from an article appearing in Cyber: The Magazine of the Military Cyber Professionals Association. Read the full article here.

I recently retired from active duty after a 35-year career in the U.S. military, the past decade of which has been devoted to the sometimes mysterious cyber world. I’d like to offer some insight into the personal lessons that I’ve learned during my experience in helping to stand up U.S. Cyber Command and while working cyber policies and strategies at the Pentagon. Although I’ve learned many more lessons, the three that I’ve chosen to share in this article are, in my view, especially important for leaders in both the public and private sectors, because we are all becoming increasingly connected through modern information technology. This means we all share in the exploding opportunities as well as the escalating risks. Below are my top three lessons, and I will attempt to add more context in subsequent paragraphs to help both government and industry leaders understand why all sectors of society should care about these key points:

  1. Strong teamwork and effective partnerships are essential to cybersecurity success.
  2. The world is changing dramatically and so too must the balance between opportunity and risk in the information technology decision-making environment.
  3. As more nation-state militaries become involved in cyber operations, we must shine more light on what they are doing and why, in order to set accurate expectations and prevent mistakes.

Lesson number one is about a real need for teamwork and effective partnerships. If I had to come up with a motto for this lesson it would be, “Make friends … lots of friends … you’re gonna need them!” If you think you can go it alone in the cybersecurity business, think again. Many different organizations, both public and private, have critical roles and responsibilities in the cybersecurity environment, but no single organization has all the skills, talent, resources, capabilities, capacity or authority to act effectively in isolation. It truly does take a team approach and strong partnerships to operate effectively. However, creating trusted, credible partnerships requires significant dedication of time and energy from the leadership of an organization.


[Palo Alto Networks Blog]

 
