Cyber Attacks an Inconvenient Truth – Now What?

by Lloyd McCoy Jr., Consultant

The time-honored debate over cyber information sharing has picked up steam in the last few months, with recent high-profile attacks on companies and government agencies, including Sony, Target, Home Depot, OPM, and DOD (just to name a few). Congress and the President are renewing calls to improve, or create from scratch, ways industry and government can work together to limit these threats. The consensus is that effective and damaging hacks are the new normal. Where there hasn’t been agreement is what to do about it. Efforts from lawmakers suggest some form of legislation could be in the works.

Over the next few weeks we will see hearings and debate over several legislative bills, from both sides of the fence, all aimed at enhancing information sharing between industry and government. Both the resurrected Cyber Intelligence Sharing and Protection Act (CISPA) and the Cybersecurity Information Sharing Act (CISA) bills would enable information sharing while offering liability protection. An upcoming bill from the Senate Homeland Security Committee would make the Department of Homeland Security the broker for information sharing, an expansion of the work it is already doing with commercial critical infrastructure providers.

Meanwhile, the White House issued an Executive Order last month, directing agencies to come up with broad cybersecurity standards and urging companies to embrace these standards. The Administration also created a Cyber Threat Intelligence Integration Center (CTIIC), which increases information sharing within the government, but would certainly be involved in any industry-government partnerships.

There’s obviously no guarantee any of these particular measures will pass or be successful, but we are seeing strong momentum toward some agreement on an information sharing framework. So what does this mean for industry? Well for one, legislation could make information sharing mandatory, meaning the government could have access to a company’s source code. Also, companies “opting out” of any voluntary agreement could be more vulnerable to litigation if a breach does occur. There are also issues and concerns related to privacy.

On the other hand, industry could benefit through targeted government investments resulting from the information sharing. Cybersecurity vendors are well-positioned to reap the benefits of this renewed urgency and focus on cyber threats. If you are a vendor selling a non-security-related product, demonstrate how security is baked into your product and the role it might play in protecting the environment or making it more secure. Furthermore, information sharing could yield clarity for both industry and government on best practices to address existing and emerging cyber threats.

If you found this post helpful, make sure to add me to your network on LinkedIn @Lloyd McCoy Jr.

About Lloyd McCoy Jr.
Lloyd McCoy is the Department of Defense Consultant on the Market Intelligence team. Prior to working for immixGroup, he worked in the public sector as a senior analyst with the Defense Department. Lloyd primarily monitors and analyzes issues relating to the Navy/Marine Corps, Defense Health Agency, and the Defense Information Systems Agency.
