Network World just released its list of the “biggest security snafus
of 2012 — so far.” That list confirms what you probably already knew:
It’s been a tough year for the folks who safeguard sensitive and
valuable information.
In the public sector, health and Medicaid data for nearly 800,000 people
was stolen from a Utah Department of Technology Services server in
March. In May, hacktivist group Anonymous released 1.7 GB of data stolen
from a U.S. Justice Department server. And in June, the University of
Nebraska said a data breach exposed more than 654,000 files of personal
information.
Cybersecurity is on my mind for two reasons. First, as I write this, I’m
returning from a trip to the Center for Internet Security (CIS), a
2-year-old nonprofit that tracks cybercrime activity and shares threat
information and best practices with state and local governments. The CIS
is led by Will Pelgrin, former director of cybersecurity and critical
infrastructure for New York state. Pelgrin led cybersecurity efforts in
New York for nearly 10 years, and founded the Multi-State Information
Sharing and Analysis Center (MS-ISAC), a cybersecurity information
sharing and monitoring group that includes all 50 states.
Pelgrin’s shift to nonprofit status was driven at least partly by the
desire to boost collaboration and information sharing among government
and private companies. He says cross-agency and intergovernmental
collaboration is easier now that the CIS is seen as a neutral third
party.
Security pros like Pelgrin say we’ll never block 100 percent of
cyberattacks. But teamwork and information sharing among private
industry, government agencies, security firms and law enforcement can
reduce the odds of serious trouble.
That brings me to the second reason I’m writing about cybercrime: For
several years, Congress has struggled to pass legislation to strengthen
cybersecurity standards and improve sharing of threat information
between sectors. It’s currently crunch time for one such measure, the
Cybersecurity Act of 2012, which observers say must clear the U.S.
Senate in August to become law this year.
The bill came under fire from Republicans wary of imposing new
regulations on U.S. businesses and from privacy advocates who fear the
measure would let companies hand over users’ personal information to the
feds without permission. Some Republican senators created a competing
bill focused on information sharing, but with fewer regulations.
As of late July, the issue was unresolved — but it demands resolution.
Privacy rights must be respected, and businesses can’t be overburdened.
But protecting information and critical infrastructure from cybercrooks
is vital to the nation’s future. Maybe the CIS offers some ideas for
information sharing and cyber-readiness we can all live with.