DHS official: Hackers will 鈥榮top dancing in the streets鈥 once companies share more threat info
Security and privacy experts, however, have concerns about the private sector sharing information with the government. Clips from the Passcode and Center for National Policy event on Thursday.
Security and privacy experts, however, have concerns about the private sector sharing information with the government. Clips from the Passcode and Center for National Policy event on Thursday.
The Department of Homeland Security鈥檚 top cybersecurity official says hackers and rogue nations targeting the country鈥檚 critical infrastructure and businesses will 鈥渟top dancing in the streets鈥 if the Obama administration鈥檚 plan to share information on cyberthreats succeeds.
If the companies start sharing more information with each other and the government about the threats they face, it will give them an advantage over their attackers, Phyllis Schneck said an event on Thursday hosted by Passcode and the Center for National Policy. Information-sharing, she said, is 鈥渢he one thing [adversaries] can鈥檛 do.鈥
Ms. Schneck鈥檚 remarks came just days after President Obama announced an executive order to encourage information-sharing. Mr. Obama has also called on Congress to pass legislation that would make DHS the central repository for that information coming from the private sector. 聽
Despite Schneck鈥檚 enthusiasm for the program, however, prominent security and privacy experts were more cautious, raising concerns about whether information sharing legislation was actually necessary and how to best protect personal data once it鈥檚 shared with the government.
Here are some key takeaways from the event:
Schneck: When threats become more sophisticated, cybersecurity efforts are progressing (+VIDEO)
One year after the Obama administration rolled out the country鈥檚 first cybersecurity standards to protect critical infrastructure, it鈥檚 鈥渢ricky鈥 for the government to see how companies or individual sectors are progressing, Schneck said. One counterintuitive way to assess progress: If the threats they see are getting more sophisticated. 鈥淭hat means we鈥檝e wiped out some of the bottom feeders鈥 鈥 attacks that could have been more easily avoided.
John Pescatore:聽With so much information sharing going on in industry, there鈥檚 actually not a 鈥渢remendous need鈥 for legislation (+VIDEO)
In the panel discussion, director of the SANS Institute John Pescatore says the 鈥渞eality鈥 is that many industries, such as the financial sector, have their own ways of sharing information. A cyberincident response team to investigate breaches and share lessons learned with the community to prevent similar attacks in the future, Pescatore said, would be better than 鈥測et another agency鈥 pooling threat information. 聽
Harley Geiger: Law enforcement use of shared information must be limited to prevent 鈥渁 giant backdoor wiretap鈥 (+VIDEO)
The Center for Democracy and Technology鈥檚 Harley Geiger wants to make sure there are strong limitations on the kind of information companies can share with the government, and hard limits on how law enforcement can use it. The Obama administration, Geiger said, so far has set 鈥減retty reasonable鈥 limitations: Computer crimes, threats of death, sexual exploitation of minors. 鈥淏ut if it is open for general law enforcement use, then it essentially becomes a giant backdoor wiretap,鈥 he said.
Companies, he later added, should not have to choose between being vulnerable to attacks and sharing personal information with the National Security Agency.