Crossroads Blog | CYBER SECURITY LAW AND POLICY

Current Affairs, net neutrality, Privacy, regulation

Cyber Roundup (12/22): Regulators tell banks to share cyber attack info, WH Strategy for Information Sharing, Net Neutrality bill, and more . . .

Quick survey of recent cyber news . . .

***

Eric Engleman & Dakin Campbell report for Bloomberg that the U.S. Office of the Comptroller of the Currency “told financial institutions to report cyber attacks to law enforcement and alert customers to their impact.  . . .”

***

Antone Gonsalves reports for CSO on the White House’s National Strategy for Information Sharing and Safeguarding.  According to Gonsalves, this new strategy is a “framework for government departments and agencies to follow in sharing information . . . that would help bolster defenses against state-sponsored hackers and other criminals.”  The Strategy’s Executive Summary lays out 5 goals:

1. Drive Collective Action through Collaboration and Accountability. We can best reach our shared vision when working together, using governance models that enable mission achievement, adopting common processes where possible to build trust, simplifying the information sharing agreement development process, and supporting efforts through performance management, training, and incentives.

2. Improve Information Discovery and Access through Common Standards. Improving discovery and access involves developing clear policies for making information available to approved individuals Secure discovery and access relies on identity, authentication, and authorization controls, data tagging, enterprise-wide data correlation, common information sharing standards, and a rigorous process to certify and validate their use.

3. Optimize Mission Effectiveness through Shared Services and Interoperability. Efforts to optimize mission effectiveness include shared services, data and network interoperability, and increased efficiency in acquisition.

4. Strengthen Information Safeguarding through Structural Reform, Policy, and Technical Solutions. To foster trust and safeguard our information, policies and coordinating bodies must focus on identifying, preventing, and mitigating insider threats and external intrusions, while departments and agencies work to enhance capabilities for data-level controls, automated monitoring, and cross-classification solutions.

5. Protect Privacy, Civil Rights, and Civil Liberties through Consistency and Compliance. Integral to maintaining the public trust is increasing the consistency by which we apply privacy, civil rights, and civil liberties protections across the government, building corresponding safeguards into the development of information sharing operations, and promoting accountability and compliance mechanisms.

***

Eric Savitz, for Forbes, on whether cloud providers are absentee landlords for cybersecurity.

***

Wired’s David Kravets on how Congress focused on allowing people to share what they’re watching on Netflix via Facebook as opposed to “requiring the authorities to get a warrant to read your e-mail or other data stored in the cloud.”

Mr. Kravets, again for Wired, on a  bill from Sen. Wyden that would forbid ISPs from instituting data caps “to grant a so-called internet fast lane to preferential online services.  . . .”

Leave a Reply