Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.
C. Warren Axelrod

Please Let Me Explain…

Though it will be more difficult to achieve, I believe that ISAC members must eventually be required to report all significant incidents and breaches for sharing among their peers, with government and with other sectors, once some major issues have been resolved. The FS-ISAC developed a technology for the authenticated but anonymous submission of information. However, we still need to establish a suitable level of trust between government and the private sector.

As I mentioned in my November 15, 2001 testimony before the Subcommittee on Commerce, Trade and Consumer Protection of the U.S. House Committee on Energy and Commerce, which you can find at www.sifma.org/legislative/testimony/archives/Axelrod11-15-01.html, there are valid private-sector concerns about infringing antitrust laws and obtaining exemption from the Freedom of Information Act (FOIA) so that information can be freely shared without the concern that it will become accessible by the public and result in loss of reputation and business … and possibly threaten national security. Of course, this precludes breaches of nonpublic personal information, which must be disclosed under many current state laws.

As an aside, if you read my testimony, you will see that there were many recommendations being bandied around back then (more than eight years ago). Some have been realized, but many still need to be addressed.

I hope that this column better explains why, in my opinion, we really haven’t made sufficient progress in regard to the levels of protection and response that we must attain in order to secure cyberspace. Yes, we have made big strides in certain areas, and that has to be recognized and rewarded. But, overall, we have really just scratched the surface. We have the knowledge and technologies to support the program, and many individuals who are committed to making it work, but we have yet to disseminate and enforce acceptable measures to effect ubiquitous cyber protection. This lack of protection recently became particularly apparent in the light of the reported hacks against Google and others. So … well done on the first phase, guys. Now it’s time to get on with the rest of the job.
