AlgoBuzz Blog

Everything you ever wanted to know about security policy management, and much more.


Bridging the Intelligence Gap: Cybersecurity Information Sharing Act of 2015


A couple of years ago I attended a cybersecurity symposium in Charlotte, NC at a local college campus. The highlight of this symposium was the panel of bank security executives who were there to discuss a major cyber attack which impacted them.

In 2012 a malicious cyber group called Al-Qassam launched a major Distributed Denial of Service (DDoS) attack against Bank of America, JP Morgan, Wells Fargo, US Bank, PNC Bank and others. The attack flooded the banks' communication lines with fake information, preventing real information like money transfers and online bill pay from taking place. This caused a huge financial loss, with customers unable to perform basic online banking services.

The panel of banking security executives, one from Bank of America, one from Wells Fargo, one from BB&T and one from First Citizens Bank, took time during the panel to discuss this attack openly in front of one another. The most interesting aspect of them recounting the cyber attack and how it affected their business was their analysis and the information they were seeing in real time.

The Bank of America executive talked about how big the flood was, then the BB&T executive talked about the many locations this flood was happening from, then the Wells Fargo executive chimed in with how they were seeing the code of this attack change in real time, as if real operators were in the seat. However, they could never share that information with each other. There were policies and laws that basically prevented them from cross-sharing cyber attack information.

Today the federal government is taking steps to close this ocean of a loophole by introducing the Cybersecurity Information Sharing Act of 2015 (S.754). This Act allows entities to share and receive indicators and defensive measures with other entities or the federal government, and requires recipients to comply with lawful restrictions that sharing entities place on the sharing or use of shared indicators or defensive measures. It also permits state, tribal, or local agencies to use shared indicators (with the consent of the entity sharing the indicators) to prevent, investigate, or prosecute offenses relating to:

  • (1) an imminent threat of death, serious bodily harm, or serious economic harm, including a terrorist act or a use of a weapon of mass destruction; or
  • (2) crimes involving serious violent felonies, fraud and identity theft, espionage and censorship, or trade secrets.

The Cybersecurity Information Sharing Act is trying to bridge the intelligence gap between all the various entities (government, public, etc.) without breaking or modifying the laws that are in place today around competitive information sharing. The Act itself is still going through its due process but outlines a lot of work effort:

  • Requiring Homeland Security, the Department of Defense, the Department of Justice and the Director of National Intelligence to collectively develop the appropriate procedures and submit them within 60 days after the Act is passed.
  • Requiring the Department of Justice to inform the recipients of these procedures, to include real-time sharing, auditing, and penalties for those who may abuse this Act.
  • Requiring the Department of Justice to develop framework guidelines to assist entities with sharing information, to include identifying and protecting personal information (PII).
  • Requiring Homeland Security to report to Congress regarding implementation of the sharing process within the Department of Homeland Security.
  • Requiring appropriate federal entities and the inspectors general of specified agencies to report to Congress at least every 2 years concerning the implementation of this Act, which should include a privacy impact assessment, actions taken on shared threat intelligence, and whether there were any violations or abuses of this Act.
  • Requiring the Director of National Intelligence to report to Congress regarding cyber attacks, theft, and data breaches. This report should also include an intelligence relationship assessment with other countries, a description of the U.S. government's response and prevention capabilities, and an assessment of future technologies that would enhance U.S. capabilities, including the private sector (public companies) that could assist the intelligence community.

As we can see from the above, the work effort will be tremendous, but necessary in order to counteract the many cyber threats that we have been witnessing in the world. The combined effort of the top-level intelligence agencies will need to be transparent and possibly provide a tool to show that transparency. The framework they provide will need to be clear and easy to follow so that all the entities can correctly perform the duties required.

Keep an eye on this Act as it may go through some more iterations to more clearly define the rules of engagement. But as we can see from my earlier experience, not sharing information between the various entities is preventing our ability to protect ourselves in a timely manner. This Act may not be perfect and may have some flaws, but at the least it’s a start somewhere.
