DHS Releases 4 Guidelines for Cyber Threat Info-Sharing

by Chris Talipsky 17. March 2016 13:39
Following the 2015 passage of the Cybersecurity Information Sharing Act (CISA), which we wrote about previously, the Department of Homeland Security (DHS) has released its guidelines for how government and the private sector are to share their threat data. The CISA is the largest piece of cybersecurity legislation to have passed in 2015, and it initially did not include instruction to the private sector and government regarding how the threat data is to be shared and how personally identifiable information should be handled.

Proponents of the legislation note that information is the biggest weapon against cyber-threats and malicious actors, and that sharing this information between the private sector and government will offer leverage against cyber-attacks. The guidance also explains how the shared information will be used, which may allay opponents’ fear of misuse. DHS Secretary Jeh Johnson noted that “…Companies are required to remove personal information before sharing cyber threat indicators and DHS is required to conduct a privacy review of received information and has implemented its own process.”

The DHS guidance consists of four documents:

· Sharing of Cyber Threat Indicators and Defensive Measures by the Federal Government
· Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities
· Interim Procedures Related to the Concept of Cyber Threat Indicators and Defensive Measures by the Federal Government
· Privacy and Civil Liberties Interim Guidelines

It is important for companies in the private sector to read the appropriate guidance and make sure that they are in compliance regarding the data that is shared. Some of it receives liability protection and some does not.
Categories: cyber security

Congress Gets CISA Passed in Omnibus Spending Bill

by Joe Clark 27. January 2016 10:04
Employing an age-old trick, Congress secured passage of the Cybersecurity Information Sharing Act, or CISA, by including it in the omnibus spending bill that President Obama recently signed into law. The CISA is a contentious bill, with vocal proponents and opponents. It incentivizes companies and corporations to share data classified as a “cyber threat” with the federal government as a means of security.

The thinking behind the bill is that corporations will share information they receive about cyber threats with one another and the federal government. With this shared information, entities will be better prepared against future cyber attacks and able to mitigate the current cyber threat landscape.

Proponents argue that this type of bill will hinder future cyber attacks from those who were able to achieve relative anonymity in the past and offer the government a better means of mitigating cyber threats. Opponents feel that the government’s definition of cyber threat is too broad and that this bill is a mandated violation of expected personal privacy and more a means of government surveillance.

Had the President not signed the omnibus into law, there would likely have been a government shutdown. Though the Senate had not passed the bill, Congress placed it into the omnibus spending bill knowing it would likely get through.