Cyber Bill okayed by US Senate committee; faces uphill struggle
Privacy concerns over information-sharing proposal may stymie move to protect critical infrastructure
The US Senate Intelligence Committee yesterday cleared a Bill designed to spur information sharing among the public and private sector in a bid to protect critical infrastructure against cyber attacks, Reuters reported.
The legislation still must be approved by a full vote in the US Senate and must be adjusted to mesh with a Bill that passed the House of Representatives in April. Already concerns have emerged among lawmakers of possible privacy violations, an issue made more sensitive since ex-NSA contractor Edward Snowden leaked details of secret surveillance programmes.
"Cyber attacks present the greatest threat to our national and economic security today, and the magnitude of the threat is growing," said committee chairwoman Dianne Feinstein, a California Democrat and co-author of the Bill with Vice Chairman Saxby Chambliss, a Georgia Republican.
"This bill is an important step toward curbing these dangerous cyber attacks."
Robert Bigman, former chief information security officer at the CIA and current private-sector IT security consultant, warned Dubai conference delegates that one of the main barriers to effective SIEM (Security Intelligence and Event Management) systems was the standardisation of information sharing.
Bigman was speaking at the Gulf Information Security Exhibition and Conference (GISEC), held at the Dubai World Trade Centre in June.
In the Middle East, security vendors have increasingly turned to big data and analytics as a means to progress the fight against cyber incursions now that the cyber security industry has accepted the premise that intrusion prevention systems (IPS) are no longer an effective means of protection. But the information-sharing requirements of such solutions stand in the way of their operation.
"In the US government we can't even agree on the standard for how to share the data," Bigman said. "The idea that we are all someday just going to collectively start sharing data without any restrictions and move it transparently across organisations and governments... I would love to see that; it would be wonderful. But it's not going to happen."