Tuesday, December 22, 2015
Cybersecurity Buzz in Washington
Cybersecurity is at issue and a buzz in Washington with a bit of urgency and cluelessness. From addressing anti-hacking methods to cyber security threat sharing, Congress, federal agencies, and the White House are trying to flatten their learning curve. Private companies have been drawn in to give their two-bits and compare notes on cyber security threats.
Now with the House passing of the Protecting Cyber Networks Act (H.R.1560) (“PCNA”) and the National Cybersecurity Protection Advancement Act (H.R. 1731) (“NCPAA”) the dialogue on cyber threat sharing has covered both the concern for privacy and the manner in which to report cyber threats. Additionally has been the query of designating the role of “portal” companies that would be tasked to report cyber threats. The additional consideration is with the assigned role of the Department of Homeland Security as it could be earmarked as the portal for civilians. The notion is not to house the reporting auspices within an agency having prosecutorial responsibilities. But the weakness considered by privacy advocates is the inherent provision allowing the President the opportunity to appoint an alternate civilian portal, which could essentially open the door for government surveillance.
Within the Cybersecurity buzz is as well the anti-hacking topic floating around as a result of the House Cybersecurity Caucus members urging the White House to change its draft regulations on ‘hacking tools.’ The private sector view is that the regulations are not based on a well-founded understanding of the distinction between defensive and offensive cyber tools. While the stated goal is to prevent technology from getting in the hands of countries with undemocratic governments, the differing roles noted for the vying federal agencies, could instead impinge the efforts of U.S. private companies striving to protect their technological infrastructure and networks.
The wrinkle to addressing this is that the Department of State, the Department of Commerce and the Department of Homeland Security have different views on how the 2013 Wassenaar Agreement should be amended. The Agreement has an expanded list of restrictions on dual-use technologies, including Internet-based surveillance systems and intrusion software. Such technologies would be used to pressure and restrict journalists and governmental critics. As is, the defined scope of ‘intrusion software’ appears too broad which will serve to prohibit U.S. companies from exporting technology they use to test their vulnerabilities and assists them on discerning where to implement cyber security improvements in their networks.
Lorenzo Law Firm is “Working to Protect your Business, Ideas, and Property on the Web."Copyright 2015, all rights reserved Lorenzo Law Firm, P.A.