Legislation: Friend or foe?

Share this article:
Legislation: Friend or foe?
Legislation: Friend or foe?

The proposed Cyber Intelligence Sharing and Protection Act (CISPA) is galvanizing government and industry over whether we need federally mandated security legislation and what it should look like. The crux of the debate, whether personal privacy violations and information misuse will occur in the name of cyber security, is a thorny issue. Opponents of legislation that would mandate information sharing between the government and private sector about cyber threats claim it would be too burdensome for corporations to implement and could threaten civil liberties and privacy. 

Both groups can agree that government networks, critical infrastructure and corporate assets are under more frequent and sophisticated cyber attack. These result in information security breaches that are often only discovered after the fact –  sometimes months later and, often, by others. 

Until now, the United States has taken a consumer-focused approach to cyber security, mandating that only data breaches affecting consumers and their personal information need be disclosed. California's “right to know” disclosure law (SB-1386), which was copied by other states, is a good example. This approach is based on the premise that data security should be driven by consumer protection and not by government's anti-terrorism or crime-prevention initiatives. Ultimately, organizations that fail to protect against data breaches will suffer, as consumers seek better security from competitors.

But, at the end of the day, we need to understand that cyber criminals are coordinating their efforts and are well versed in sharing vulnerabilities and attack methodologies. To counter them, government and private industry have to work hand-in-hand to quickly dissipate information about threats. Europe, where the private industry and government agencies share threat information, has already learned this lesson. 

The emergence of information-sharing communities, such as the Red Sky Alliance, is a good first step. Now we need legislation that openly promotes the sharing of cyber attack intelligence across government and corporate boundaries, while at the same time protecting personal privacy.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in Opinions

Beware of the malware walking dead

Beware of the malware walking dead

This Hallows Eve might be a good time to remind ourselves that zombies can be just as deadly, and I'm referring to recycled tools and techniques from years gone by.

Why the Home Depot attack shouldn't have happened

Why the Home Depot attack shouldn't have happened

Major retailers are falling prey to massive credit card information heists, despite spending millions on cyber security systems.

Next-generation malware: Think like the enemy and avoid the car alarm problem

Next-generation malware: Think like the enemy and avoid ...

When it comes to enterprise security, one rule remains constant - attacks will continue to increase in sophistication and attackers will seek to outmaneuver existing defenses.