CISA likely coming back to Senate, amid doubts about effectiveness

In an age of personalized attacks, the benefit of sharing may be limited, a security expert says

Supporters of a controversial cyberthreat information-sharing bill will push for the U.S. Senate to pass it this fall, even as some security experts question whether it would be effective.

Backers of the Cybersecurity Information Sharing Act (CISA) will resume efforts to get the bill passed when Congress returns from a month-long recess next week, although Senate Majority Leader Mitch McConnell, a Kentucky Republican, has not yet put CISA on the Senate floor schedule, a spokesman said.

Backers of CISA and similar bills say the sharing of cyberthreat information is necessary for businesses and government agencies to respond to ongoing attacks. But cyberthreat information-sharing may not have prevented several recent, high-profile attacks on government agencies, said Ryan Kalember, senior vice president of cybersecurity strategy at Proofpoint, a cloud-based security vendor.

Several recent government breaches "were the result of targeted attacks against people," using email, social media and other methods, Kalember said by email.

"From what we understand, the attacks were also targeted," he added. Those breaches couldn't have been stopped nor prevented, even if the attacks' details -- such as the type of malware and distribution methods -- had been quickly shared, according to Kalember.

While sharing the method of attack may alert other agencies or businesses, the variety of cybersecurity controls used across the government and beyond may limit the effectiveness of threat sharing, he added. Agencies "have no consistent technical means of making the intelligence actionable, something that CISA does basically nothing to solve."

CISA would protect businesses that share cyberthreat information with each other and with government agencies from customer lawsuits.

Beyond questions about effectiveness, privacy and civil liberties groups say the bill would allow businesses to share too much personal information with government agencies such as the National Security Agency. Critics have called CISA a surveillance bill in disguise.

Even after a long debate on the Senate floor this summer, there are still "significant problems" with CISA, said Greg Nojeim, senior counsel at the Center for Democracy and Technology, a digital rights group.

"In our view, information is power," he said. "If the entity receiving the information is a military/intelligence agency, especially the NSA, that puts the NSA in the driver's seat of what should be a civilian cybersecurity program."

Still, several tech and business trade groups are pushing hard for Congress to pass CISA.

The Senate version of CISA requires businesses to have an automated process in place to remove personal information, Alan Roth, senior executive vice president at trade group USTelecom, wrote in an August blog post.

"The millions of Americans whose personal information is being threatened every day by hackers, cybercriminals and, regrettably, even some nation-states or their proxies, will be big privacy winners under this legislation," Roth added.

Join the Good Gear Guide newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?