Menu
CISA likely coming back to Senate, amid doubts about effectiveness

CISA likely coming back to Senate, amid doubts about effectiveness

In an age of personalized attacks, the benefit of sharing may be limited, a security expert says

Supporters of a controversial cyberthreat information-sharing bill will push for the U.S. Senate to pass it this fall, even as some security experts question whether it would be effective.

Backers of the Cybersecurity Information Sharing Act (CISA) will resume efforts to get the bill passed when Congress returns from a month-long recess next week, although Senate Majority Leader Mitch McConnell, a Kentucky Republican, has not yet put CISA on the Senate floor schedule, a spokesman said.

Backers of CISA and similar bills say the sharing of cyberthreat information is necessary for businesses and government agencies to respond to ongoing attacks. But cyberthreat information-sharing may not have prevented several recent, high-profile attacks on government agencies, said Ryan Kalember, senior vice president of cybersecurity strategy at Proofpoint, a cloud-based security vendor.

Several recent government breaches "were the result of targeted attacks against people," using email, social media and other methods, Kalember said by email.

"From what we understand, the attacks were also targeted," he added. Those breaches couldn't have been stopped nor prevented, even if the attacks' details -- such as the type of malware and distribution methods -- had been quickly shared, according to Kalember.

While sharing the method of attack may alert other agencies or businesses, the variety of cybersecurity controls used across the government and beyond may limit the effectiveness of threat sharing, he added. Agencies "have no consistent technical means of making the intelligence actionable, something that CISA does basically nothing to solve."

CISA would protect businesses that share cyberthreat information with each other and with government agencies from customer lawsuits.

Beyond questions about effectiveness, privacy and civil liberties groups say the bill would allow businesses to share too much personal information with government agencies such as the National Security Agency. Critics have called CISA a surveillance bill in disguise.

Even after a long debate on the Senate floor this summer, there are still "significant problems" with CISA, said Greg Nojeim, senior counsel at the Center for Democracy and Technology, a digital rights group.

"In our view, information is power," he said. "If the entity receiving the information is a military/intelligence agency, especially the NSA, that puts the NSA in the driver's seat of what should be a civilian cybersecurity program."

Still, several tech and business trade groups are pushing hard for Congress to pass CISA.

The Senate version of CISA requires businesses to have an automated process in place to remove personal information, Alan Roth, senior executive vice president at trade group USTelecom, wrote in an August blog post.

"The millions of Americans whose personal information is being threatened every day by hackers, cybercriminals and, regrettably, even some nation-states or their proxies, will be big privacy winners under this legislation," Roth added.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments