Legislation: Friend or foe?

Share this article:
Legislation: Friend or foe?
Legislation: Friend or foe?

The proposed Cyber Intelligence Sharing and Protection Act (CISPA) is galvanizing government and industry over whether we need federally mandated security legislation and what it should look like. The crux of the debate, whether personal privacy violations and information misuse will occur in the name of cyber security, is a thorny issue. Opponents of legislation that would mandate information sharing between the government and private sector about cyber threats claim it would be too burdensome for corporations to implement and could threaten civil liberties and privacy. 

Both groups can agree that government networks, critical infrastructure and corporate assets are under more frequent and sophisticated cyber attack. These result in information security breaches that are often only discovered after the fact –  sometimes months later and, often, by others. 

Until now, the United States has taken a consumer-focused approach to cyber security, mandating that only data breaches affecting consumers and their personal information need be disclosed. California's “right to know” disclosure law (SB-1386), which was copied by other states, is a good example. This approach is based on the premise that data security should be driven by consumer protection and not by government's anti-terrorism or crime-prevention initiatives. Ultimately, organizations that fail to protect against data breaches will suffer, as consumers seek better security from competitors.

But, at the end of the day, we need to understand that cyber criminals are coordinating their efforts and are well versed in sharing vulnerabilities and attack methodologies. To counter them, government and private industry have to work hand-in-hand to quickly dissipate information about threats. Europe, where the private industry and government agencies share threat information, has already learned this lesson. 

The emergence of information-sharing communities, such as the Red Sky Alliance, is a good first step. Now we need legislation that openly promotes the sharing of cyber attack intelligence across government and corporate boundaries, while at the same time protecting personal privacy.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in Opinions

Heartbleed, Shellshock and POODLE: The sky is not falling

Heartbleed, Shellshock and POODLE: The sky is not ...

While it may seem like 2014 is the year of the vulnerability, in reality, this year has not been much different than years past.

Technology alone isn't going to secure IoT connected devices

Technology alone isn't going to secure IoT connected ...

It's clear that vulnerabilities continue to exist, despite our best efforts to combat them. In fact, we have addressed many of the same problems before.

DDoS is the new spam...and it's everyone's problem now

DDoS is the new spam...and it's everyone's problem ...

As new solutions emerge, it's critical for organizations to protect themselves by being informed, aware, and acting whenever possible. Those that don't take action are playing a very dangerous game.