Data sharing proposal is nice start, but more work needed, legislators say
Proposed legislation could be a step in the right direction for cybersecurity, but further tweaks to the bill may be needed.
Proposed legislation currently making its way through the House of Representatives could be a good first step in the right direction for the government and private companies looking to collaborate on cybersecurity measures, but the bill requires further tweaking before it can gain the necessary votes, lawmakers said recently.
A main provision of the proposed bill, which some have said is long overdue in promoting a data security partnership between the public and private sectors, is the creation of the semi-independent National Information Sharing Organization. Through the NISO, firms in the private sector and public agencies can collaborate on the cybersecurity threats they face, as well as means for protecting critical infrastructure.
Numerous changes have already been made to the proposed legislation, but some House Democrats are calling for further amendments, according to a recent Bloomberg report. Specifically, the legislators are calling on the bill's authors to define how consumer data privacy will be upheld when such information is shared through the NISO.
Before the bill has any chance of being passed, New York Democrat Yvette Clarke said, lawmakers must "explore the real-life implications of such a body and its actions, and how it would affect the department's ability to enhance cybersecurity for our government agencies," according to Bloomberg. Clarke is the senior Democrat on the cybersecurity subcommittee that held a hearing on the proposed legislation on December 6.
Industry experts and data privacy advocates have echoed such calls by House Democrats. Gregory Nojeim, the senior counsel at the San Francisco-based Center for Democracy and Technology, told Bloomberg that consumers have a right to know what information is being shared by companies and the government.
He added that only information that will help fight cybersecurity threats should be passed on to the NISO, and none of it should be used for law enforcement purposes, according to Bloomberg.
And while collaboration between the government and the private sector has been promoted as key to enhancing Internet security in the United States, some are questioning whether more regulation is the answer. A recent ZDNet commentary by data security expert Torsten George argued that more compliance requirements may only add to the problem.
Companies, George said, are more concerned about compliance than actual security.
"Unfortunately, being compliant does not equate to being secure, as compliance lacks the correlation to risk and is conducted periodically, rather than continuously," he wrote. "Thus, only regulations that mandate prioritizing security in the overall picture will really move the needle."
Still, cooperation between privately held companies and the government remains necessary if the U.S. is to fend off continued and escalating cyberattacks on both enterprise and federal networks, some experts say. Cheri McGuire, the vice president of global government affairs and cybersecurity policy for a security firm, testified before the House subcommittee that it's in everyone's best interest to create a so-called data security clearinghouse like the NISO, Bloomberg reported.
She said the move to “share information is a strong step in the right direction,” according to Bloomberg.
This legislation is another sign that organizations in the U.S. are acutely aware of the cyber threats they face and are determined to do something about the cybersecurity issue. That notion was also reflected in the recently released 2011 Lloyd’s Risk Index from insurance market Lloyd's of London.
The report revealed that organizations in North America – where cybercrime costs about $96 billion annually, according to Lloyd's – have taken the lead on data security measures and routinely outpace the rest of the world in terms of security measures and research.
Data Security News from SimplySecurity.com by Trend Micro