Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

U.S. President calls for more cybersecurity information sharing

Maria Korolov | Jan. 16, 2015
President Obama urges companies to share information about cyberattacks.

Take, for example, the requirement to remove unnecessary personal information.

"What is the definition of 'unnecessary'?" he asked. "Who is responsible for making such decisions?"

Similarly, he said, liability protection sounds like an unfunded mandate on the cyber insurance industry, which is still in its infancy.

Even harsher penalties for cybercrimes did not meet with uniform support from cybersecurity professionals.

The current Computer Fraud and Abuse Act is already too broad, said Ian Amit, vice cresident at Baltimore-based security firm ZeroFOX.

"It has been notoriously criticized in several high-profile cases for being used to indict people whose action would [normally] not have even been classified as a misdemeanor," he said.

Under the proposed law, violations no longer start at a misdemeanor but as felonies, he added, and while the law is still too vague it also does not address the landscape of modern cybercrime.

"If it were left to a professional legal review from security industry professionals I believe that it would not see the light of day in its current form," he said. "But as we are all aware, the legislative process is subject to non-security industry forces."

Other security experts, however, saw the proposed legislation as an important first step towards addressing the evolving nature of cyberthreats.

"While this legislation probably doesn't go far enough, I think merely introducing it is a step in the right direction," said Sanjay Beri, CEO and co-founder at Los Altos, CA-based cloud security vendor Netskope. "We need to have this discussion and get serious about cybersecurity across all types of companies."

Beri added that he's not convinced that the new legislation will help prevent breaches.

"But I am 100 percent convinced that there will be more data breaches and sitting on our hands and not having this discussion won't prevent them either," he said. "Also, this needs to be a two way street. Governments need to ramp up sharing data they gather to vendors and enterprises in an easy way."

According to Mary Ann Miller, senior director at New York City, NY-based NICE Actimize Inc., the proposed legislation is an "outstanding first step."

"Any initiative that creates a better environment for open discussions of critical issues ... is only a win for the good guys," she said.


Previous Page  1  2 

Sign up for MIS Asia eNewsletters.