A couple of years ago I attended a Cybersecurity symposium in Charlotte, NC at local college campus. The highlight of this symposium was the panel of bank security executives who were there to discuss a major cyber attack which impacted them.
In 2012 a malicious cyber group called Al-Qassam launched a major cybersecurity attack called “Distributed Denial of Service (DDoS)” attack against Bank of America, JP Morgan, Wells Fargo, US Bank, PNC bank and others. The attack flooded the banks communication lines with fake information, preventing real information like money transfers and online bill pay from taking place. This caused a huge financial loss with customers unable to perform basic banking online services.
The panel of banking security executives, one from Bank of America, one from Wells and Fargo, one from BB&T and one from First Citizens Bank, took time during the panel to discuss this attack openly in front of one another. The most interesting aspect of them recounting the cyber attack and how it affected their business, was their analysis and the information they were seeing in real time.
Bank of America executive talked about how big the flood was, then the BB&T executive talked about the many locations this flood was happening from, then the Wells Fargo executive chimed in with how they were seeing the code of this attack change in real time, as if real operators where in the seat. However, they could never share that information with each other. There were policies and laws that basically prevented them from cross sharing cyber attack information.
Today the federal government is taking steps to close this ocean of a loop hole by introducing the Cybersecurity Information Security Act of 2015 (S.754). This Act “Allows entities to share and receive indicators and defensive measures with other entities or the federal government. Requires recipients to comply with lawful restrictions that sharing entities place on the sharing or use of shared indicators or defensive measures”. It also “Permits state, tribal, or local agencies to use shared indicators (with the consent of the entity sharing the indicators) to prevent, investigate, or prosecute offenses relating to:
The Cybersecurity Information Security Act is trying to bridge the intelligence gap between all the various entities government, public, etc. without breaking or modifying the laws that are in place today around competitive information sharing. The Act itself is still going through its due process but outlines a lot of work effort:
As we can see from above the work effort will be tremendous, but necessary in order to counter act the many cyber threats that we have been witnessing in the world. The combined effort of the top level intelligence agencies will need to be transparent and possibly provide a tool to show that transparency. The framework they provide will need to be clear and easy to follow for all the entities to correctly perform the duties required.
Keep an eye on this Act as it may go through some more iterations to more clearly define the rules of engagement. But as we can see from my earlier experience, not sharing information between the various entities is preventing our ability to protect ourselves in a timely manner. This Act may not be perfect and may have some flaws, but at the least it’s a start somewhere.
Receive notifications of new posts by email.