Group items tagged

The House of Representatives go for the second round of Cyber Intelligence Sharing and Protection Act as it passed legislation on Thursday. The newly granted powers are intended to stop computer security threats against a company's rights and property. But the definitions are broad and vague. The terms allow purposes such as guarding against "improper" information modification and ensuring "timely" access to information, functions that are not necessarily tied to attacks. Once handed over, the government is able to use this information for investigating crimes that are unrelated to the underlying security threat and, more broadly, for "national security" purposes, which is a poorly defined term that includes "threats to the United States, its people, property, or interests" and "any other matter bearing on United States national or homeland security." The bill's vague definitions like "cybersecurity purpose" and "cybersecurity system" also raise the frightening possibility of a company using aggressive countermeasures. If a company wants to combat a threat, it is empowered to use "cybersecurity systems" to identify and obtain "cyber threat information." But the bill does not define exactly how far a company can go, leaving it open to the possibility of abuse. The bill drew support from House Democrats, passing on a bipartisan vote of 288-127, although the White House repeated its veto threat on Tuesday if further civil liberties protections are not added. Some lawmakers and privacy activists worry that the legislation would allow the government to monitor citizens' private information and companies to misuse it. U.S. authorities have recently elevated the exposure to Internet hacks and theft of digital data to the list of top threats to national security and the economy. Though thousands of companies have long been losing data to hackers in China and elsewhere, the number of parties publicly admitting such loss has been

http://hassassociates-online.com/articles/2013/04/23/house-passes-cybersecurity-bill-as-privacy-concerns-linger/ The House of Representatives go for the second round of Cyber Intelligence Sharing and Protection Act as it passed legislation on Thursday. The newly granted powers are intended to stop computer security threats against a company's rights and property. But the definitions are broad and vague. The terms allow purposes such as guarding against "improper" information modification and ensuring "timely" access to information, functions that are not necessarily tied to attacks. Once handed over, the government is able to use this information for investigating crimes that are unrelated to the underlying security threat and, more broadly, for "national security" purposes, which is a poorly defined term that includes "threats to the United States, its people, property, or interests" and "any other matter bearing on United States national or homeland security." The bill's vague definitions like "cybersecurity purpose" and "cybersecurity system" also raise the frightening possibility of a company using aggressive countermeasures. If a company wants to combat a threat, it is empowered to use "cybersecurity systems" to identify and obtain "cyber threat information." But the bill does not define exactly how far a company can go, leaving it open to the possibility of abuse. The bill drew support from House Democrats, passing on a bipartisan vote of 288-127, although the White House repeated its veto threat on Tuesday if further civil liberties protections are not added. Some lawmakers and privacy activists worry that the legislation would allow the government to monitor citizens' private information and companies to misuse it. U.S. authorities have recently elevated the exposure to Internet hacks and theft of digital data to the list of top threats to national security and the economy. Though thousands of companies have

Data breaches can have a big effect on a merger's overall value. There appears to be a worrying level of complacency toward the assessment of cyber-risks during M&A deals, despite increasing awareness of the cybersecurity risks facing businesses. International law firm Freshfields Bruckhaus Deringer found in a survey shared with Infosecurity that 90% of respondents believe cyber-breaches would result in a reduction in deal value; and 83% of dealmakers believe a deal could be abandoned if cybersecurity breaches are identified during deal due diligence or mid-transaction. Yet, too few tie-up architects are addressing the threat. A majority (78%) say that cybersecurity is not a risk that is currently analyzed in-depth or dealt with in deal due diligence. "It's surprising that dealmakers recognize the growing threat of cyber-attacks to businesses, but generally aren't addressing that risk during deals," said Chris Forsyth, co-head of the firm's international cybersecurity team. "You wouldn't dream of buying a chemicals plant without assessing environmental risk, so why would you buy a data-driven business without assessing the risks its faces around data management and cyber-security?" The firm said that the effect of a cyber-incident on value would work both ways - a business with a good track record and robust processes could be worth more than competitors, while a business with a bad track record could be worth less.

US regeringen använder sällan bästa cyber security steg: rådgivare Direkt lank: http://articles.economictimes.indiatimes.com/2013-11-23/news/44389988_1_cyber-security-cybersecurity-legislation-advisers WASHINGTON: Den amerikanska regeringen själv sällan följer cyber security metodtips och måste släppa sin gamla operativsystem och osäkra webbläsare som den försöker driva den privata sektorn att skärpa sin praxis, teknik rådgivare till President Barack Obama. "Den federala regeringen följer sällan accepterade bästa praxis," sade presidentens rådet av rådgivare om vetenskap och teknik i en rapport som släpptes på fredagen. "Det måste föregå med gott exempel och påskynda ansträngningarna för att göra rutinmässiga cyberattacks svårare genom att implementera bästa praxis för sina egna system." PCAST är en grupp amerikanska forskare och ingenjörer som gör politiska rekommendationer till administrationen. William Press, professor i datavetenskap vid University of Texas i Austin, och Craig Mundie, senior rådgivare till VD på Microsoft Corp, bestod av en arbetsgrupp för cybersäkerhet. Obama-administrationen i år intensifierat sin push för kritiska till att stärka deras cyber försvar, och Obama i februari utfärdade en verkställande order för att motverka bristen på framsteg på cybersäkerhet lagstiftning i kongressen. Mer relaterade ämnen: http://hassassociates-online.com/ http://www.linkedin.com/groups/hass-associates-4854820 http://hassassociates-online.com/art

In late 2011 and early 2012, activists, progressive politicians and Internet companies led in part by Internet freedom advocate Aaron Swartz came together to defeat the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA). Advertised as measures against copyright infringement, the bills would have opened any website that contained copyrighted material it was not authorized to publish on any of its pages to a forced shutdown. A site that unknowingly held a copyrighted image in a comment section, for instance, would have been eligible as a violator. Virtually everyone was susceptible to closure. The Cyber Intelligence Sharing and Protection Act (CISPA) followed SOPA and PIPA in April 2012. CISPA was worse than its predecessors, proposing that private companies be allowed to share user information, a provision that would have violated many privacy protections of the Internet. Recognizing this, Swartz fought again. "It sort of lets the government run roughshod over privacy protections and share personal data about you," he said of the bill at the time. Again, he prevailed. Now, a year and a half after Swartz killed himself, there is the Cybersecurity Information Sharing Act. CISA is a lot like CISPA, but could end up being even worse. Privacy and civil rights groups including the ACLU and the Electronic Frontier Foundation are standing up to fight it. In an article about the bill, the ACLU's Sandra Fulton wrote: CISA "poses serious threats to our privacy, gives the government extraordinary powers to silence potential whistleblowers, and exempts these dangerous new powers from transparency laws."