Congress Pushes Revamped CISPA
It seems as if the US Congress is back in the business of making “powerful friends” again. By friends, I mean enemies. This time, it is via the Cybersecurity Information Sharing Act, or CISA (not the ISACA certification). Effectively, Congress is pushing a revamped CISPA. Here is an excerpt from the act:
(Sec. 3) Requires the Director of National Intelligence (DNI), the Department of Homeland Security (DHS), the Department of Defense (DOD), and the Department of Justice (DOJ) to develop and promulgate procedures to promote: (1) the timely sharing of classified and declassified cyber threat indicators in possession of the federal government with private entities, non-federal government agencies, or state, tribal, or local governments; (2) the sharing of unclassified indicators with the public; and (3) the sharing of cybersecurity threats with entities to prevent or mitigate adverse effects.
Requires notification to be provided to entities when the federal government has shared indicators in error or in contravention of law.
Directs the DNI to submit such procedures to Congress within 60 days after enactment of this Act.
Apple and Dropbox are two of these enemies. Per The Washington Post, Apple had this to say: “‘We don’t support the current CISA proposal,’ Apple said in a statement. ‘The trust of our customers means everything to us and we don’t believe security should come at the expense of their privacy.’” The Business Insider has a good summary as to why companies are against this bill:
It’s intended to help facilitate the sharing of companies’ data with the US government in order to prevent and tackle crime. If passed, a US citizen wouldn’t be able to sue Google, say, using privacy/antitrust laws for passing on their data to US law enforcement. It also provides immunity from the Freedom of Information Act, making it difficult for someone to find out exactly what information (if any) has been shared with the government.
Decide the Future has a scorecard of companies both for and against CISA (and other similar laws over the years). Here are some notable supporters and opposition:
- Oppose CISA
- Support CISA
Based on the information that I was able to find, this seems a little Orwellian for my taste. I am all for government and private businesses sharing cybersecurity information, especially in the wake of high-profile breaches (below). The problem is that they should be able to opt in or opt out without government intervention, coercion, or legislative bullying. I further echo the sentiments of Apple in terms of customer trust. Combine this with the NSA decrypting 1024-bit Diffie-Hellman Key Exchange and government attempts to compel cryptographers to give them a back door and there is no such thing as security or personal privacy from the government.
I typically take a more pro-government stance in these scenarios, but this is overreach. People have a reasonable expectation of privacy. People should not fear that their government is spying on them without rhyme, reason, or cause. Either the lawmakers are really trying to go to an Orwellian model as in 1984, or they have some sponsors who have ulterior motives and something to gain. I am not sure why this is passing so quietly. I will be personally following this. If interested, please subscribe to stay in the loop.
Other High-Profile Breaches:
Experian (includes T-Mobile)
Tesla and Chrysler (unrelated to each other)
Apple App Store
U.S. Office of Personnel Management (OPM)
Kaspersky & FireEye (unrelated to each other)
Excellus Blue Cross Blue Shield
Ashley Madison (follow up)