Cyber Security and the White House

Similar documents
Legislative Proposals for the Maryland Commission on Cyber Security Innovation and Excellence

CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS

Cybersecurity and Corporate America: Finding Opportunities in the New Executive Order

Cybersecurity Primer

Cybersecurity Information Sharing Legislation Protecting Cyber Networks Act (PCNA) National Cybersecurity Protection Advancement (NCPA) Act

National Cyber Threat Information Sharing. System Strengthening Study

Implementation of the Cybersecurity Executive Order

S. ll IN THE SENATE OF THE UNITED STATES

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

Presidential Summit Reveals Cybersecurity Concerns, Trends

Testimony of. Doug Johnson. New York Bankers Association. New York State Senate Joint Public Hearing:

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

Senate Committee on Commerce, Science, and Transportation March 19, 2015, Hearing Examining the Evolving Cyber Insurance Marketplace

Cyber After Snowden. Can DC Help Protect Your Networks? Matthew Rhoades, Director, Cyberspace & Security Program

JOIN THE 2015 CYBERSECURITY CAMPAIGN

WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES

Cyber Legislation & Policy Developments 2014

How To Write A National Cybersecurity Act

Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So?

114 th Congress March, Cybersecurity Legislation and Executive Branch Activity I. ADMINSTRATION S CYBERSECURITY PROPOSALS

Cybersecurity: Legislation, Hearings, and Executive Branch Documents

The Dow Chemical Company. statement for the record. David E. Kepler. before

Examining the Evolving Cyber Insurance Marketplace

ANTICIPATE. MITIGATE. PROTECT.

Delving Into FCC's 'Damn Important' Cybersecurity Report

What are you trying to secure against Cyber Attack?

Cyber Risk to Help Shape Industry Trends in 2014

2015 CYBERSECURITY CAMPAIGN. Improving Today. Protecting Tomorrow. Page 1

Corporate Perspectives On Cybersecurity: A Survey Of Execs

House Committee on Homeland Security s Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology

Research Note The Fight to Define U.S. Cybersecurity and Information Sharing Policy

Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues

Posted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am

How to get from laws to technical requirements

Why you should adopt the NIST Cybersecurity Framework

Cybersecurity: Legislation, Hearings, and Executive Branch Documents

Preservation of longstanding, roles and missions of civilian and intelligence agencies

When Can We Expect a Federal Data Breach Notification Law?

CYBER INTELLIGENCE SHARING

Can Cyber Insurance Be Linked to Assurance?

Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA)

Senate Subcommittee Hearing and Report Regarding Online Advertising and Hidden Hazards to Consumer Security and Data Privacy

cyberr by e-management The Leader in Cybersecurity Risk Intelligence (RI) Cybersecurity Risk: What You Don t Know CAN Hurt You!

How To Pass Cybersecurity Legislation

Sempra Energy Utilities response Department of Commerce Inquiry on Cyber Security Incentives APR

Comparison of Information Sharing, Monitoring and Countermeasures Provisions in the Cybersecurity Bills

Cybersecurity: The Legal, Legislative and Regulatory Outlook

In This Issue: Finance & Legal Edition. Voice. Cybersecurity Developments Raise Growing Regulatory Concerns For Undersea Cable Industry

Report: An Analysis of US Government Proposed Cyber Incentives. Author: Joe Stuntz, MBA EP 14, McDonough School of Business

CYBER BRIEF Improving Supply-Chain Policy for U.S. Government Procurement of Technology

September 28, MEMORANDUM FOR. MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President

CYBER SECURITY A L E G A L P E R S P E C T I V E

Billing Code: 3510-EA

Cybersecurity in the Utilities Sector Best Practices and Implementation 2014 Canadian Utilities IT & Telecom Conference September 24, 2014

The Value Proposition for Cyber Security: Does it exist and how can we create it? Larry Clinton, ISAlliance Chief Operating Officer

1851 (d) RULE OF CONSTRUCTION. Nothing in this section shall be construed to (1) require a State to report data under subsection

Privacy Legislation And Regulation To Watch In 2015

WRITTEN TESTIMONY OF

2015 Cybersecurity Campaign. Improving Today, Protecting Tomorrow

Critical Infrastructure Cybersecurity Framework. Overview and Status. Executive Order Improving Critical Infrastructure Cybersecurity

Government Focus on Cybersecurity Elevates Data Breach Legislation. by Experian Government Relations and Experian Data Breach Resolution

NATIONAL CYBERSECURITY PROTECTION ACT OF 2014

Dean C. Garfield President & CEO, Information Technology Industry Council (ITI) Committee on Energy and Commerce

Cybersecurity: Legislation, Hearings, and Executive Branch Documents

Virginia Joint Commission on Technology and Science. Cybersecurity Legislation

CYBER-SURVEILLANCE BILL SET TO MOVE TO SENATE FLOOR

Comments :Incentives To Adopt Improved Cybersecurity Practices

THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY

Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties

Larry Clinton Operations Officer Internet Security Alliance

DEFINING CYBERSECURITY GROWTH CATALYSTS & LEGISLATION

PREPARED TESTIMONY OF THE NATIONAL CYBER SECURITY ALLIANCE MICHAEL KAISER, EXECUTIVE DIRECTOR ON THE STATE OF CYBERSECURITY AND SMALL BUSINESS

Cyber-insurance: Understanding Your Risks

White Paper on Financial Industry Regulatory Climate

Cybersecurity and Information Sharing: Comparison of Legislative Proposals in the 114 th Congress

Testimony of. Wm. Douglas Johnson. American Bankers Association. Subcommittee on Information Technology

Delaware Cyber Security Workshop September 29, William R. Denny, Esquire Potter Anderson & Corroon LLP

Testimony of. Before the United States House of Representatives Committee on Oversight and Government Reform And the Committee on Homeland Security

S. 21 IN THE SENATE OF THE UNITED STATES

IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015

Prepared for distribution at the CYBERSECURITY 2015: MANAGING THE RISK Program September 25, 2015

Cyber Threat Information Sharing Recommendations for Congress and the Administration

July 15, President Barack H. Obama The White House 1600 Pennsylvania Ave Washington, D.C

Data Privacy & Security in the Cloud: Legal Basics and New Developments

A conversation with Allan Friedman about cybersecurity issues

Update on U.S. Critical Infrastructure and Cybersecurity Initiatives

The Department of Homeland Security The Department of Justice

Perspectives on Cyber Security & Digital Issues

Changing Legal Landscape in Cybersecurity: Implications for Business

Executive Order 13636: The Healthcare Sector and the Cybersecurity Framework. September 23, 2014

SECTION-BY-SECTION. Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012.

Internet Security Alliance

December 13, Submitted via to

S AN ACT. To codify an existing operations center for cybersecurity.

United States House of Representatives United States House of Representatives. Washington, DC Washington, DC 20515

State Engagement with the Energy Sector to Improve Cyber Security

Today's Mobile Cybersecurity Information Sharing

Global Cybersecurity Outlook:

Transcription:

West Texas Cyber Security Consortium GOVERNMENT IT REPORT White House Tilts Toward Public-Private Cybersecurity Cooperation By John K. Higgins E-Commerce Times Part of the ECT News Network 06/23/14 5:00 AM PT Despite the administration's leaning toward a voluntary approach, legislation of some sort may be necessary to bring the private sector completely on board for a national, government-industry program to prevent cyberattacks or deal with them once under way. The trick will be for Congress to craft a bill that provides incentives for business cooperation while minimizing burdensome regulation. The Obama administration and the private sector -- often at odds over the regulation of everything from telecom issues to software protection to the environment -- apparently agree that a major issue dealing with cybersecurity should be addressed on a cooperative basis, largely free of federal regulation. The White House signaled its tilt toward a cooperative and voluntary approach for protecting "critical infrastructure" assets from cyberattacks and breaches in a notice issued last month by cybersecurity coordinator Michael Daniel. The major conclusion of an administration study of executive branch agencies was that the study "supports our current voluntary approach to address cyber risk," Daniel said his post. "The administration has determined that existing regulatory requirements, when complemented with strong voluntary partnerships, are capable of mitigating cyber risks to our critical systems and information." That commentary should not be taken as an administration move to entirely jettison cybersecurity regulation, of course. Its thrust was that no additional or new regulations were necessary. Existing regulatory authorities that affect cybersecurity still could take action if the government deemed it necessary to do so. By and large, Daniel's comments were received as both significant and appropriate.

"While others are still toying with antiquated regulatory models to address this issue, the administration has charted a new and visionary course through the President's 2013 executive order on cybersecurity," said Larry Clinton, president of the Internet Security Alliance. Daniel's recent commentary, he said, "is another welcome step in the right direction." ISA members include GE, Vodaphone, Northrup Grumman and Fidelity Investments. "We have maintained all along that a static, government-centric regulatory model is not appropriate. Information technology changes too rapidly -- and frankly, so does the technology of hackers and others who commit these attacks," Clinton told the E-Commerce Times. Report Minimizes Regulation As part of a 2013 executive order and the adoption earlier this year of cybersecurity approach developed through the National Institutes of Technology, known as the "NIST Framework," the administration examined three major agencies regarding cybersecurity: the Department of Homeland Security, the Department of Health and Human Services, and the Environmental Protection Agency. The review covered such critical infrastructure components as water, chemical hazards, food and medical supplies and services, and transportation. Each agency concluded that its existing authorities were adequate to meet the goals of the NIST Framework, and that voluntary and cooperative programs with the private sector were preferable to an exclusively regulatory approach. The administration's policy was limited to implementation by agencies within the executive branch, and independent agencies such as the Nuclear Regulatory Commission or the Securities and Exchange Commission were free to take their own approaches to cybersecurity, Daniels noted. "While those agencies have some leeway, there is a good chance the White House approach will serve as guidance to them as well. The Daniels blog and the executive order essentially

puts the administration in the role of a 'thought leader' to emphasize a collaborative approach," Clinton said. "Certainly, the language in the White House statement is encouraging in terms of minimizing regulation, but you still have to realize that agencies have a wide breadth of current authority they could implement," David Inserra, research associate at the Heritage Foundation, told the E-Commerce Times. Liability Protection Top Issue The White House statement could put a damper on legislation that might result in additional regulation related to cybersecurity issues. "At the very least, the administration's position would provide ammunition for opponents of any legislation that appears to be too heavy handed," Inserra said. "Legislation which focuses on a regulatory approach is very unlikely to gain traction because of the administration's position," said Clinton. Nonetheless, legislation of some sort may be necessary to bring the private sector completely on board for a national, government-industry program to prevent cyberattacks or deal with them once under way. The trick will be for Congress to craft a bill that provides incentives for business cooperation -- especially in sharing cyberincursion information -- but that minimizes burdensome regulation. "The big issue still is liability reform," Inserra said. Businesses want to legally ensure that disclosure of cyber information to the government or within the business community will not trigger violations of various laws related to such disclosures." The House last year approved a bill that includes such protections. The Cyber Information Sharing and Protection Act, or CISPA, which was passed by a 288-127 vote, addresses a variety of circumstances related to the handling of cybersecurity information. These include privacy protections, the elimination of any competitive advantages in the sharing of cyberdata, and liability protection for entities in the private sector. The House bill "prohibits a civil or criminal cause of action against a protected entity, a selfprotected entity, or a cybersecurity provider acting in good faith," according to the Congressional Research Service.

Legislation Still Necessary? The Senate Intelligence Committee is working on a similar measure. Recently, Sen. Saxby Chambliss, R-Ga., the ranking Republican on the committee, said he was optimistic about enactment of cybersecurity information sharing legislation. Chambliss and committee chair Sen. Diane Feinstein, D-Calif., "are currently working out some differences in their draft legislation related to the language in the bill on liability protection for companies that participate in information-sharing with the federal government," said law firm Squire Patton Boggs. The IT community is maintaining a close watch on the legislative front. "The protection of the networks that we rely upon for economic stability, national security and public safety against cyberthreats is a shared responsibility," Linda Moore, president and CEO of TechNet, told the E-Commerce Times. TechNet represents key Internet players such as Apple, Google, Intel and Cisco. "An effective approach to cybersecurity requires sustained collaboration between public entities and the private sector in order to identify threats, vulnerabilities and consequences, and to manage the risks to American's health, safety and security," she said. "TechNet is gratified the Senate continues to negotiate on cybersecurity and is supportive of a legislative approach that removes legal barriers and disincentives that prevent the sharing of timely threat information with those who are best positioned to act," Moore added. In addition to private sector liability relief, there are several measures that could be used to further encourage better cybersecurity without cost to federal agencies, INA's Clinton noted. These include better use of private insurance, fast-track permitting, and patent approval processes for "good actors." "We need to be even more aggressive in developing these incentive mechanisms," he said, "to address a vast and growing cyberthreat." John K. Higgins is a career business writer, with broad experience for a major publisher in a wide range of topics including energy, finance, environment and government policy. In his current freelance role, he

reports mainly on government information technology issues for ECT News Network. http://www.technewsworld.com/story/80633.html

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information