Menu
CISA likely coming back to Senate, amid doubts about effectiveness

CISA likely coming back to Senate, amid doubts about effectiveness

In an age of personalized attacks, the benefit of sharing may be limited, a security expert says

Supporters of a controversial cyberthreat information-sharing bill will push for the U.S. Senate to pass it this fall, even as some security experts question whether it would be effective.

Backers of the Cybersecurity Information Sharing Act (CISA) will resume efforts to get the bill passed when Congress returns from a month-long recess next week, although Senate Majority Leader Mitch McConnell, a Kentucky Republican, has not yet put CISA on the Senate floor schedule, a spokesman said.

Backers of CISA and similar bills say the sharing of cyberthreat information is necessary for businesses and government agencies to respond to ongoing attacks. But cyberthreat information-sharing may not have prevented several recent, high-profile attacks on government agencies, said Ryan Kalember, senior vice president of cybersecurity strategy at Proofpoint, a cloud-based security vendor.

Several recent government breaches "were the result of targeted attacks against people," using email, social media and other methods, Kalember said by email.

"From what we understand, the attacks were also targeted," he added. Those breaches couldn't have been stopped nor prevented, even if the attacks' details -- such as the type of malware and distribution methods -- had been quickly shared, according to Kalember.

While sharing the method of attack may alert other agencies or businesses, the variety of cybersecurity controls used across the government and beyond may limit the effectiveness of threat sharing, he added. Agencies "have no consistent technical means of making the intelligence actionable, something that CISA does basically nothing to solve."

CISA would protect businesses that share cyberthreat information with each other and with government agencies from customer lawsuits.

Beyond questions about effectiveness, privacy and civil liberties groups say the bill would allow businesses to share too much personal information with government agencies such as the National Security Agency. Critics have called CISA a surveillance bill in disguise.

Even after a long debate on the Senate floor this summer, there are still "significant problems" with CISA, said Greg Nojeim, senior counsel at the Center for Democracy and Technology, a digital rights group.

"In our view, information is power," he said. "If the entity receiving the information is a military/intelligence agency, especially the NSA, that puts the NSA in the driver's seat of what should be a civilian cybersecurity program."

Still, several tech and business trade groups are pushing hard for Congress to pass CISA.

The Senate version of CISA requires businesses to have an automated process in place to remove personal information, Alan Roth, senior executive vice president at trade group USTelecom, wrote in an August blog post.

"The millions of Americans whose personal information is being threatened every day by hackers, cybercriminals and, regrettably, even some nation-states or their proxies, will be big privacy winners under this legislation," Roth added.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments