Cybersecurity up for Discussion

In October, the Senate passed the Cybersecurity Information Sharing Act of 2015, or CISA, 74-21. The bill is essentially an information-sharing bill, designed to allow companies that are hit by a hacker to share information—called “cyber threat indicators”—with the U.S. Department of Homeland Security, or DHS. DHS can then put out an alert, share suspicious code and warn other firms about the threat.

The House passed its own version of the bill—Protecting Cyber Networks Act—back in April.

In a statement released Oct. 22, Pres. Obama pledged support for CISA.

“An important building block for improving the nation’s cybersecurity is ensuring that private entities can collaborate to share timely cyber threat information with each other and the federal government,” he said. 

But the cybersecurity bill is highly controversial, with critics claiming it will allow intelligence agencies to invade a citizen’s privacy without a warrant and focuses on the wrong aspect of cybersecurity by not setting up security standards for companies.

Cybersecurity is not just a hot topic in Washington, D.C., but also in statehouses across the country.

“It’s not a matter of if a (cybersecurity) breach will happen, but when,” said Brenda Decker, Nebraska’s chief information officer.

At the CSG Cybersecurity Public Policy Academy held earlier this year in Missouri, Doug Robinson, executive director of the National Association of State Chief Information Officers, presented information from a 2014 Deloitte-NASCIO survey that asked state information chiefs the major barriers their state faces when addressing cybersecurity.

“Increasing sophistication of threats is number one,” said Robinson, “followed closely by lack of adequate funding.”

The survey found that 78.9 percent of state chief information officers thought the increasing sophistication of threats was a major barrier in preserving state cybersecurity, followed by lack of adequate funding (65.4 percent), inadequate availability of security professionals (61.5 percent) and emerging technologies (61.5 percent).

Cheri Caddy, director for cybersecurity policy outreach and integration for the White House National Security Council, agreed that increasingly sophisticated threats are a concern at both the state and federal levels.

“Unfortunately, the cyber threat is growing broader, more sophisticated and more dangerous,” she said.

Caddy said cybersecurity threats call for a new level of collaboration—across all levels of government and across agencies.

“In the face of this growing threat, we are challenged by a mission that requires a uniquely diverse level of coordination among functions—including technology, law enforcement, defense and intelligence, homeland security and even first responders—and among all types and sizes of organizations,” said Caddy.

CSG will host a conversation with Doug Robinson and others during the Intergovernmental Affairs Committee meeting today from 2:30-5 p.m.