Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Cyber-Security Bill Seen as Good First Step Despite Privacy Concerns

    By
    Wayne Rash
    -
    April 24, 2015
    Share
    Facebook
    Twitter
    Linkedin
      Cyber-Security Bill 2

      The passage by the U.S. House of Representatives of the Protecting Cyber Networks Act on Aprils 22 is being widely hailed as a critical first step in protecting networks in the United States against cyber-criminals.

      This bill is intended to make it easier for companies to share information about cyber-attacks with other companies and with the government. A similar bill is in line for consideration by the U.S. Senate in the near future. President Obama has already indicated that he’ll sign it.

      This new bill takes a critical step by limiting the liability of companies that share cyber-security information in good faith, it restricts distribution of the information within the government, it forbids the information from being provided to the National Security Agency (NSA) and the Department of Defense, and it requires that personal information be removed before the information is passed to other companies or the government.

      However, some privacy and security advocates say the bill doesn’t go far enough in protecting privacy and that it allows companies with shoddy security practices to escape consequences of data breaches and thefts.

      But remember, this bill is only the first step. A companion bill, The National Cybersecurity Protection Advancement Act of 2015, will fill in some holes. That bill has been reported out to the full House and is expected to be voted on within a few days. Passage of that bill is also anticipated.

      Jasper Graham, former NSA technical director and now vice president of Darktrace, says that the bill that was just approved is a good start. “I think it’s a really good thing,” Graham said. “It’s the start of a longer conversation and the beginning of putting a more holistic conversation in place.”

      What’s most important is that Congress has taken this important first move, Graham said. “None of these things are going to be perfect, and there will be a lot of debate around it, but you have to start somewhere.”

      Graham asserts that to some extent the concerns of privacy advocates are overblown. “If people were to really understand how much privacy information they give to Websites they browse, they’d be shocked,” he said. “They’re holding the government to a much higher standard.”

      Graham said that while it’s important to protect privacy, it’s also necessary to give the government the teeth it needs to accomplish the job of protecting security.

      This bill has been in the works for several years, but until now has failed to get the support it needed to make it through Congress. Several things have changed since the beginning. First, the massive data breaches of 2013 and especially 2014 have made it clear that more needs to be done to protect business than is being done now.

      Cyber-Security Bill Seen as Good First Step Despite Privacy Concerns

      Second, the bill has added some restrictions and privacy protections that weren’t in the earlier bills. In addition, the companion bill now being considered would place coordination in the hands of the Department of Homeland Security rather than one of the intelligence agencies.

      Graham said that he expects to see some modifications to the bill that’s presented to the Senate that would cover some of the remaining concerns. One facet of the bill that needs to be changed, he said, is that companies shouldn’t be able to protect against poor practices.

      “One of things that could be added is some sort of standard of practice,” he said. “After the breaches of 2014, we should not see reports that stolen information was unencrypted and in the clear.” He said that he doesn’t think the bill should give negligent companies a free pass.

      “If they don’t do due diligence, they should not be free from repercussions,” Graham said. “Companies need to do the right thing to protect the information.”

      Advocates for passage of a cyber-security bill have been broadly supportive. Scott Belcher, CEO of the Telecommunications Industry Association, said that this first cyber-security bill is an important step in security.

      “Cyber-attacks are not just a threat to our national security,” Belcher said in a prepared statement, “but to Americans’ economic security as well. The cyber-security legislation passed by the House today provides greater legal protections to those who share critical information about cyber threats and vulnerabilities, encouraging the voluntary sharing of data that will provide networks and users with stronger defenses against hackers.”

      But as Graham said, this is only a first step. While the new law will allow companies to avoid liability for sharing data and will also prevent some lawsuits resulting from breaches, it does not remove the need for companies to act responsibly.

      When a massive breach occurs, there is simply no excuse for being told that none of the information was encrypted, as was the case with the Anthem health care breach. While it’s true that no law required Anthem to protect those records with encryption, the company still put its members and others at great risk through what can only be described as negligence.

      Fortunately, as the former CEO of Target found out, the market can be a powerful force. After Target’s breach, the company lost 30 percent of its valuation and its CEO lost his job. Nothing in this new law prevents those repercussions, nor should it. Unfortunately, it may be time to include some penalties for such negligence, regardless of any limitations of liability.

      This bill doesn’t do that, but it’s still important and needed to be done. As Graham said, “It’s time.”

      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×