Menu
CISA likely coming back to Senate, amid doubts about effectiveness

CISA likely coming back to Senate, amid doubts about effectiveness

In an age of personalized attacks, the benefit of sharing may be limited, a security expert says

Supporters of a controversial cyberthreat information-sharing bill will push for the U.S. Senate to pass it this fall, even as some security experts question whether it would be effective.

Backers of the Cybersecurity Information Sharing Act (CISA) will resume efforts to get the bill passed when Congress returns from a month-long recess next week, although Senate Majority Leader Mitch McConnell, a Kentucky Republican, has not yet put CISA on the Senate floor schedule, a spokesman said.

Backers of CISA and similar bills say the sharing of cyberthreat information is necessary for businesses and government agencies to respond to ongoing attacks. But cyberthreat information-sharing may not have prevented several recent, high-profile attacks on government agencies, said Ryan Kalember, senior vice president of cybersecurity strategy at Proofpoint, a cloud-based security vendor.

Several recent government breaches "were the result of targeted attacks against people," using email, social media and other methods, Kalember said by email.

"From what we understand, the attacks were also targeted," he added. Those breaches couldn't have been stopped nor prevented, even if the attacks' details -- such as the type of malware and distribution methods -- had been quickly shared, according to Kalember.

While sharing the method of attack may alert other agencies or businesses, the variety of cybersecurity controls used across the government and beyond may limit the effectiveness of threat sharing, he added. Agencies "have no consistent technical means of making the intelligence actionable, something that CISA does basically nothing to solve."

CISA would protect businesses that share cyberthreat information with each other and with government agencies from customer lawsuits.

Beyond questions about effectiveness, privacy and civil liberties groups say the bill would allow businesses to share too much personal information with government agencies such as the National Security Agency. Critics have called CISA a surveillance bill in disguise.

Even after a long debate on the Senate floor this summer, there are still "significant problems" with CISA, said Greg Nojeim, senior counsel at the Center for Democracy and Technology, a digital rights group.

"In our view, information is power," he said. "If the entity receiving the information is a military/intelligence agency, especially the NSA, that puts the NSA in the driver's seat of what should be a civilian cybersecurity program."

Still, several tech and business trade groups are pushing hard for Congress to pass CISA.

The Senate version of CISA requires businesses to have an automated process in place to remove personal information, Alan Roth, senior executive vice president at trade group USTelecom, wrote in an August blog post.

"The millions of Americans whose personal information is being threatened every day by hackers, cybercriminals and, regrettably, even some nation-states or their proxies, will be big privacy winners under this legislation," Roth added.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Sizing up the NZ security spectrum - Where's the channel sweet spot?

Sizing up the NZ security spectrum - Where's the channel sweet spot?

From new extortion schemes, outside threats and rising cyber attacks, the art of securing the enterprise has seldom been so complex or challenging. With distance no longer a viable defence, Kiwi businesses are fighting to stay ahead of the security curve. In total, 28 per cent of local businesses faced a cyber attack last year, with the number in New Zealand set to rise in 2017. Yet amidst the sensationalism, media headlines and ongoing high profile breaches, confusion floods the channel, as partners seek strategic methods to combat rising sophistication from attackers. In sizing up the security spectrum, this Reseller News roundtable - in association with F5 Networks, Kaspersky Lab, Tech Data, Sophos and SonicWall - assessed where the channel sweet spot is within the New Zealand channel. Photos by Maria Stefina.

Sizing up the NZ security spectrum - Where's the channel sweet spot?
Show Comments