The House Homeland Security Committee’s subcommittee on cybersecurity met on Wednesday to discuss how the recently passed Cyber Information Sharing Act (CISA) is progressing. The subcommittee discussed information-sharing across the private sector while also critiquing DHS’s recently released guidelines for sharing cyber threat information between the private sector and with the government. On Tuesday, DHS released guidelines offering “assistance to info-sharing stakeholders by outlining protocols for the government to share information to industry, for industry to share with the federal government, for receiving cyber threat indicators from the government and for protecting privacy and civil liberties.” In the hearing, members and the panel agreed that more businesses need to participate in the program. Only 30 organizations are actively participating in the info-sharing portal on a day-to-day basis.
Chairman Michael McCaul (R-TX) began the hearing by explaining that the passing of the legislation is certainly a start, the next phase will be implementation of the program. “The legislation was a major win for security and privacy, allowing companies to secure their networks and keep hackers away from our bank accounts, health records and other sensitive information. But we cannot be satisfied with this progress. We’ve got to be as aggressive as our adversaries, and we should aim to stay a step ahead of them,” said McCaul. While only half of companies believe they are secure from a cyber-attack, organizations still fail to protect their networks, explained one panelist. Americans view cyber threats as the second biggest threat only behind ISIS. This proves the need for organizations and the federal government to work together when sharing cyber threat information. Collaboration is also needed when focusing on the education aspect of fighting cybercrime. The hearing also addressed the difficulty small businesses face when sharing cyber threat information due to a lack of resources and funds on top of the complexity of the program. The full hearing on the Oversight of the Cybersecurity Act of 2015 can be found here.
In other industry news, The Council would like to congratulate Ben Beeson, Cyber Risk Practice Leader at Lockton, for being awarded the 2016 Advisen Cyber Champion of the Year award for his outstanding contributions in cybersecurity.