What it takes to protect the nation’s critical infrastructure and data
The Cybersecurity Act of 2015 is underway, but additional clarity is required if organizations are to participate in this important cyber threat info-sharing program.
Last week I had the honor of testifying as an IT industry representative before the U.S. House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies.
I shared with the committee insights and views on what it will take to increase industry participation in cyber threat information sharing programs authorized under the Cybersecurity Act of 2015.
There are no organizations more supportive of protecting our nation’s critical infrastructure information systems than companies in the IT industry. And the elements within the Cybersecurity Act 2015 put forward substantial measures for protecting our country and its citizens.
The Department of Homeland Security, with whom we work closely, has implemented important aspects of the Act under tight deadlines. But there is more to do.
To share or not to share
We know based on recent and past events, information sharing can only help our security posture. The DHS Automated Indicator Sharing Program (AIS) is designed to enable the government and private sector to exchange cyber threat indicators in close to real time.
This information helps organizations mitigate the effects of cyber attacks as they are unfolding and happening, and target defenses against newly discovered cyber threats. Think of it as zero-day defense enablement.
Organizations want to participate in a program like this; they see the value it can afford their businesses and operational defenses through collaboration. But in order to increase participation, a few key items are required:
Last week DHS released updated guidance around the Act and it further addressed the liability issue, particularly where sharing information between private entities is concerned.
We are encouraged and look forward to working further with DHS on this security initiative that affects every single citizen in the U.S. and abroad.