What You Need to Know From the Cybersecurity Act of 2015: Part One

January 19, 2016, Rick Link, Managing Director

On Dec. 18, 2015, President Obama signed into law an omnibus spending bill that included the Cybersecurity Act of 2015 (“The Act”). The Act was a compromise between the cybersecurity information sharing bills that passed the House and Senate earlier in 2015. It creates a voluntary process for sharing cybersecurity information and is intended to encourage public- and private-sector entities to share cyber-threat information. The Act is controversial, as the active sharing of information between and among the Federal Government and private sector entities does not currently occur routinely or effectively.

Private sector entities have been and still are very reluctant to share their security threat and breach information with the Federal Government. Private sector entities face obvious business risks in disclosing individuals’ confidential information, including potential consumer lawsuits. Further, information shared with the Federal Government could be used as evidence against the entity in potential regulatory actions. The disclosure and routine sharing of private sector security failures are not easy decisions for private entities, and are red-hot topics at board-level meetings, especially for entities whose stock is publicly traded.

Federal, state and local municipalities are also loath to disclose their failure to adequately protect and restrict access to private and public records. Trust in our public sector officials is at an all-time low due to these security breaches, which highlight an obvious neglect to remain current on critical security patches and basic perimeter controls that prevent unauthorized access by cybercriminals. Recent public sector security breaches include the Internal Revenue Service, which allowed hackers to obtain detailed tax-return information on 104,000 taxpayers; the Office of Personnel Management (OPM), in which the personal information of more than 21 million current and former government employees was compromised; and the U.S. Postal Service, which had over 800,000 employee records stolen.

The Act strives to address many of the private and public concerns to encourage information sharing between and among the Federal Government and entities in the private sector. It also directs certain departments (Commerce, Defense, Energy, Homeland Security, Justice, Treasury and Office of the Director of National Intelligence) to create a process for sharing both classified and unclassified cyber-threat indicators and defensive measures with the private sector, as well as information relating to certain cybersecurity threats and best practices.
