Megalextoria
Retro computing and gaming, sci-fi books, tv and movies and other geeky stuff.

Private sector needs a little sumthin' sumthin' to get it sharing threat intel - US security chap [message #369180] Wed, 20 June 2018 18:49
Anne & Lynn Wheel
Private sector needs a little sumthin' sumthin' to get it sharing threat
intel - US security chap
https://www.theregister.co.uk/2018/06/20/international_panel_cyber_week/

That's what chief exec Ciaran Martin told Israel Cyber Week during a
panel on international cooperation alongside his counterparts in the US
and Singapore and industry execs on Tuesday. Much of the discussion
focused on intelligence sharing between the private sector and
government.

Christopher Krebs, newly appointed Undersecretary at the National
Protection & Programs Directorate in America's Department of Homeland
Security, said that even though the technical people and board members
might want to share threat intelligence with the government, corporate
lawyers (general counsels) were a consistent roadblock.

.... snip ...

At financial industry critical infrastructure protection meetings in
white house annex
https://en.wikipedia.org/wiki/Critical_infrastructure_protection

.... major concern was that the threat/exploit sharing database not be
subject to FOIA ... not to keep it from the bad guys (which already had
the info), but from the public (didn't want to damage the trust that the
public have in our institutions).
https://www.fsisac.com/

FI-ISAC Announces World's First Threat Information Sharing Group for
Central Banks, Regulators and Supervisors.

.... snip ...

We had also been brought in to help wordsmith some cal. state legislation. At
the time they were working on "electronic signature", "data breach
notification", and "opt-in personal information sharing". Some of the
other participants were heavily into privacy issues and had done in-depth
public surveys. The #1 issue (for them) was identity theft, primarily
the kind involving "fraudulent financial transactions" as a result of
breaches. At the time, little or nothing was being done and it was hoped
that the publicity from the notifications would motivate corrective
action. The issue is that entities take security measures in self
protection, but in the cases of those breaches, the institutions weren't
at risk, it was the public.

More recently there have been a dozen or so "data breach notification"
bills introduced in congress that would (also) pre-empt state
legislation, none passed so far ... half similar to the cal. state
legislation and half that would effectively eliminate notification (by
requiring notification only in the case of breach with a combination of
a long list of personal information that never actually occurs).

data breach notification posts
http://www.garilc.com/~lynn/submisc.html#data.breach.notification

--
virtualization experience starting Jan1968, online at home since Mar1970