Real-World Roadblocks To Implementing CISA
An anonymous reader writes: The recent approval of CISA (the Cybersecurity Information Sharing Act) by the US Congress and Senate is paving the way for broader security collaboration. If and when CISA is ratified into law, the chief obstacles to cybersecurity collaboration within the private sector will remain. CISA promotes sharing – but when dealing with cyber threat data companies are also concerned about other mandates which may govern the information being shared. These include anti-trust, privacy, sectorial directives and data protection regulations that affect many multi-national organizations.
Yeah! Better promote that CISA! Who cares about turning the US into a fascist corporate dystopia? It's all about aggregating information on the sheep-- er, citizens.
Submitter is anonymous because he/she's obviously a shill for these scumbags. Whoever submitted it would be perfectly at home with the Stasi.
The recent approval of CISA .. by the US Congress and Senate is paving the way for yet more surveillance of the civilian population under the pretext of national security.
CISA isn't about sharing, it's about spying on our communications.
The real "Libtards" are the Libertarians!
The 2015 proposal retains provisions from the 2011 proposal that require entities to make "reasonable efforts" to remove information that could be used to identify a specific person before sharing and only requires this information to be removed for individuals ‘reasonably believed to be unrelated to the cyber threat’.
"reasonable efforts" = "Meh, if it's easy, cool. If not, whatever. We'd really like all of the information, but we need to pay lip service to the plebs that believe they matter. You know what? Just give us all the names and we'll just imprison them all. It doesn't really matter because we have no accountability! Woohoo!"
Wanna cyber?
Show me everything baby, I wanna see it ALL. :D
Posting AC, but as a devil's advocate, CISA is not all bad. For example, some attacker is urinating on Foocorp's systems. Foocorp notifies DHS about the scope of the attacks. DHS then notifies other companies about that, hands them some IDS/IPS rules, and when the attacker goes to Barcorp, Barcorp detects and ball-gags the attack right away thanks to the measures put in place. Long term, NIST adds security guidelines for operating systems and network fabric to mitigate the attack effectively on a permanent basis. (Things like locking accounts for a period of time if too many passwords are guessed, having logs go to some type of alerting system if the above is happening, and so on.)
In reality, what can the US government do for security with companies? If they force more "clarity"/"come clean" laws on companies to go public on breaches, then what constitutes a breach? Someone tailgating into the company cafeteria because the Korean turkey burgers are so fresh, you can almost hear them meow? Companies will just hide the security breaches, and nobody will know.
The only tools the US government has for security are getting insurance companies to not cover companies which are lax in security, or getting companies to privately share breaches so more high quality people can work on dealing with an attacker, find their methods, and find a way to mitigate it.
Congress probably wants to get as much data about multi-national corporations so that they can leverage that data to tax more money out of them. Meanwhile, customers are watching to see if those corporations are giving their private data to government and what that will mean for them and their families. So it's a lose-lose for corporations. Then the NSA is paying security experts and mathematicians and stockpiling all of that information for itself, while other government agencies (which are huge stockpiles of individual information) remain open to the exact attacks it funds. Not a good environment for people or corporations.
Dear "Anonymous" Government PR Guy who submitted this article:
Hahahahahahaha.
Kind Regards,
The Tech Sector
"by the US Congress and Senate"
No wonder the post was anonymously-written; dear morons of the world: the Senate makes up one half of the US Congress, just like the House of Representatives makes up (the other) half. Writing that it was approved by the Congress and by the Senate is redundant and shows a lack of understanding of government at even a basic level.
"Apple refused to share so we're making it illegal to not share."
I think the government is just worried that Apple knows too much. The government must always be more powerful, know more, do things better and be "in every conceivable way" better than anything else. That's why socialism doesn't work and we need a free market - sorry, the logic doesn't follow, come again?
Face it, the government is terrible at cybersecurity. Guns don't work against Russian hackers that are still in Russia and that's the only card the government has that a typical corporation doesn't. In the meantime the government can't really be sued, so if they fuck up and you're left out on the street it's not their fault. No, you're still on the hook when you get hacked - even if it's provably *their* fault for being power grubbing, stupid, ignorant or dumb.
That's why I'm urging my Congressman to vote for this, and for the Copyright Violation Persecution and Snuggling Act!
The submitter thinks the government taking customer information from corporations will improve 'security'. Where's the phalanx of 'small government' bigots, the tinfoil hat fanatics foreseeing government interference and totalitarian oppression? Methinks it's like the Nazi census asking everybody about their religion.
Last year Australia declared a policy that video piracy is a matter of national security. That's right, misuse of easily accessed corporate property is now a threat to the Australian government and a reason to apply odious 21st century national security laws. The USA, the paragon of security theatre, still has much to look forward to.
corporations are taught it's not nice to share. It's lost profit.
My opinion is that most everything I have read about CISA is "offering" already exists.
The sharing already exists, and to date does little to stop the rape of networks.
The main thing that caught my eye, and perhaps the entire reason for CISA, is to mitigate corporate liability in data sharing.
That's the only new thing under this toxic sun, immunity for corporations.
"If any question why we died, Tell them because our fathers lied."
Fear != harm
If you don't reject unwise decisions what do you expect? CISA is a shit spiral. The toilet.
When you make it "ok" to go full global Stasi do you think nobody crooked knows this? Think maybe just maybe they would strive for jobs in capacities that would give them "boss feels" or an inside track on personal gains?
Real-World
"Real-World" cybersecurity step #1 is shitcan Windows operating systems. You can never make closed source guaranteed honest code. You are required to trust the company by definition of closed source. Maybe just maybe management is crooked? Enron anybody? Any others?
Any subsequent agency/company et al that wishes to not be subservient to Microsoft will have no choice if they use Windows. Getting rid of Windows would remove how many botnets from cyberspace? I think all of them.
What is holding this up? Vocal shills thinking they are protecting their personal interests. Game companies compiling for The-OS-The-Spies-On-You. Literally if game companies compiled everything for Linux, at least as much as they do for PS4... people of all ages would all migrate to Linux faster than they did to Apple. If it were bundled with OEM PCs the 10 minute install wouldn't even be an issue. Why isn't it? Guess who. *cough* secure boot *cough*
So do you give Microsoft more money "muh marketshare" and pretend you can secure cyberspace with "infinite spying" ... or shitcan Windows and forget about all the CISA and other past/present/future related-bullshit? But "muh monies".. ya ya.
Money or principle? You think companies will all start sharing customer information "for your interests"? Share with who else? Get hacked much? On what? Oh. Windows? Serious? Damn shame. If you see this consumer data changing hands between corporations and government, what do you call that?
Consumer and customer merely describe a human being while relating it to an act of purchasing. It's still just people. So how do these people elected by other people to serve people as public employees suddenly decide your data is their data but not reverse? Government employees and corporate execs shit bricks when their data is "in the wild".
CISA, TPP, TTIP, TISA, and the Coronation of Clinton are all being rammed through. Thanks, Obama!
Stay away from major cities beginning around 2019. John Titor's interference merely delayed the events of his worldline by 10-15 years in our worldline. Y2K was a happy opportunity for the Masters of the Universe in his worldline, but now we see their true scenario unfold in this worldline.
Everyone can code! There's a programmer shortage! We need more cisfemale programmers!
I hope you have your spare can of gas, otherwise the walk to the gas station will be for your own good.
The harm done to privacy and freedom of the individual is clear and very bad. There is another way in which CISA does harm in a broad economic way. Many of the Tech companies don't want CISA because it harms the potential for their international business. The EU parliament has voted to prevent US companies from moving cloud data from Europe to the US unless the privacy of EU citizens can be protected and CISA makes that more difficult. The US Congress is acting in ways that harm US companies and seriously limit their ability to conduct business outside the borders of the US. It is not often that the interests of privacy advocates and corporations are aligned, but the current situation is such a situation.
...And it was slipped past the public as a cyber-security bill to avoid public debate.
Take a look at the timing of the CIA chief's email hack. A few days before the vote in the Senate on CISA!
Such co-incidence.
And then the hacker is interviewed and has some sort of voice changing tech. A reporter could easily contact him, yet the police couldn't?
Such amazement.
And that happens to set the agenda for CISA, transfer of data from ISPs, like AOL to NSA.
How handy!
From Wired:
"That means CISA trumps privacy laws like the Electronic Communication Privacy Act of 1986 and the Privacy Act of 1974, which restrict eavesdropping and sharing of users’ communications. And once the DHS obtains the information, it would automatically be shared with the NSA, the Department of Defense (including Cyber Command), and the Office of the Director of National Intelligence."
Effectively the military now receives all surveillance data on civilians and government.
The barrier between military and civilian agencies is now zero, gone, which also removes Presidential veto, search warrants, probable cause, the lot.
Google, Twitter, Facebook, Apple, Yahoo, Microsoft.
All of these big companies control your emails, web searches, and comment postings.
And don't forget about your ISPs who watch over what web sites you visit.
This is mass surveillance of epic proportions.
The Patriot Act is expiring next month, and guess what's taking its place?
The phrase "if *and* when" really grates my nerves. Especially when we've just had an article on Boolean logic come through recently. It's one or the other, people. It cannot be both. One indicates a conditionality and the other indicates a certainty.