Modern field guide to security and privacy

DHS official: Hackers will ‘stop dancing in the streets’ once companies share more threat info

Security and privacy experts, however, have concerns about the private sector sharing information with the government. Clips from the Passcode and Center for National Policy event on Thursday.

The Department of Homeland Security’s top cybersecurity official says hackers and rogue nations targeting the country’s critical infrastructure and businesses will “stop dancing in the streets” if the Obama administration’s plan to share information on cyberthreats succeeds.

If companies start sharing more information with each other and the government about the threats they face, it will give them an advantage over their attackers, Phyllis Schneck said at an event on Thursday hosted by Passcode and the Center for National Policy. Information-sharing, she said, is “the one thing [adversaries] can’t do.”

Ms. Schneck’s remarks came just days after President Obama announced an executive order to encourage information-sharing. Mr. Obama has also called on Congress to pass legislation that would make DHS the central repository for that information coming from the private sector.  

Despite Schneck’s enthusiasm for the program, however, prominent security and privacy experts were more cautious, raising concerns about whether information-sharing legislation was actually necessary and how best to protect personal data once it’s shared with the government.

Here are some key takeaways from the event:

Schneck: When threats become more sophisticated, cybersecurity efforts are progressing (+VIDEO)

One year after the Obama administration rolled out the country’s first cybersecurity standards to protect critical infrastructure, it’s “tricky” for the government to see how companies or individual sectors are progressing, Schneck said. One counterintuitive way to assess progress: If the threats they see are getting more sophisticated. “That means we’ve wiped out some of the bottom feeders” – attacks that could have been more easily avoided.

John Pescatore: With so much information sharing going on in industry, there’s actually not a “tremendous need” for legislation (+VIDEO)

In the panel discussion, director of the SANS Institute John Pescatore says the “reality” is that many industries, such as the financial sector, have their own ways of sharing information. A cyberincident response team to investigate breaches and share lessons learned with the community to prevent similar attacks in the future, Pescatore said, would be better than “yet another agency” pooling threat information.  

Harley Geiger: Law enforcement use of shared information must be limited to prevent “a giant backdoor wiretap” (+VIDEO)

The Center for Democracy and Technology’s Harley Geiger wants to make sure there are strong limitations on the kind of information companies can share with the government, and hard limits on how law enforcement can use it. The Obama administration, Geiger said, so far has set “pretty reasonable” limitations: Computer crimes, threats of death, sexual exploitation of minors. “But if it is open for general law enforcement use, then it essentially becomes a giant backdoor wiretap,” he said.

Companies, he later added, should not have to choose between being vulnerable to attacks and sharing personal information with the National Security Agency.

 
