Saturday, December 27, 2014

U.S. Puts New Focus on Cyber Defenses? (Revised)

Description

The government focused on trying to identify the hackers, an effort that involved the National Security Agency as well as some of the cyber taskforces in the FBI’s 56 field offices and the assistant legal attaches embedded in U.S. embassies overseas. U.S. officials also targeted specific notifications to news and entertainment companies. [1]

Businesses, for their part, have long argued for more help from Washington in combating hackers. After J.P. Morgan Chase & Co. this summer suffered one of the worst known hacks on a bank, Chief Executive James Dimon said, “The government knows more than we do.”

At the same time, companies are trying to keep the government at arm’s length on certain parts of cybersecurity. For instance, the U.S. Chamber of Commerce and other lobbying groups have successfully fought off attempts to set minimum cybersecurity standards for industries such as energy, banking and public utilities. Those standards, the companies say, would be too burdensome and, some say, could be used against firms in litigation following a breach.

Business concerns about overregulation, among other factors, have played a role in the collapse of efforts in Congress in recent years to pass legislation that would create incentives for companies to take additional security precautions and share information. Some proposals have offered liability protection to businesses in exchange for meeting tougher security standards. In the time that Congress tried and failed to pass broad legislation, intelligence officials elevated cyberthreats to the top of the list of national security concerns.

Mr. Obama, at a news conference last week, urged Congress to try again next year to pass “strong cybersecurity laws that allow for information-sharing. … Because if we don’t put in place the kind of architecture that can prevent these attacks from taking place, this is not just going to be affecting movies, this is going to be affecting our entire economy.”

The administration says it has taken a variety of steps to coordinate with business. In 2014, it focused on being more open to giving the private sector classified, threat-specific briefings to help them prevent cyberattacks, said John Carlin, assistant attorney general for national security. Mr. Carlin said the government has held more than three dozen such briefings in the past year through an effort that involves a network of specialists who focus on threats posed by foreign nations and terrorist groups. “But in this space, the government is not filtering out the malicious traffic,” he said, in part because of Americans’ concerns about privacy, civil liberties and Internet data collection by the NSA.

Executive Guidance

The emphasis on sharing information about the sources and origins of attacks may be partially helpful, but it pales into insignificance compared with sharing information about which defenses were successful in intercepting cyber heists. There are millions of potential attacks, from diverse sources, per day. What matters is the capacity of the defenders to block and ultimately eliminate cyber heists. If help from the government is to be useful, it would primarily require sharing information about cases of successful deterrence by the defenders, not generalized intelligence about potentially unknown sources of attacks.


[1] http://www.wsj.com/articles/u-s-puts-new-focus-on-fortifying-cyber-defenses-1419553122


For comments please e-mail paul@strassmann.com