Busi­nesses re­luc­tant to share cy­ber in­for­ma­tion

Only one com­pany sends data to Home­land Se­cu­rity

Baltimore Sun - - NEWS - By Ian Duncan idun­can@balt­sun.com twit­ter.com/idun­can

WASHINGTON — A law cham­pi­oned by Rep. C. A. Dutch Rup­pers­berger to get busi­nesses and the gov­ern­ment to share in­for­ma­tion about com­puter se­cu­rity threats has had lim­ited im­pact so far be­cause com­pa­nies are re­luc­tant to hand over data to the gov­ern­ment, of­fi­cials and cor­po­rate ex­ec­u­tives said Thurs­day.

About 50 com­pa­nies and other or­ga­ni­za­tions are get­ting cy­ber in­tel­li­gence in­for­ma­tion from the Depart­ment of Home­land Se­cu­rity un­der the law, depart­ment of­fi­cial Greg Touhill said at an in­tel­li­gence com­mu­nity con­fer­ence. Only a sin­gle com­pany is send­ing in­for­ma­tion to DHS.

Touhill, deputy as­sis­tant sec­re­tary for cy­ber­se­cu­rity and com­mu­ni­ca­tions, said the com­pany that is shar­ing in­for­ma­tion has about 2,000 clients, so its ef­fect is mag­ni­fied. He de­clined to name the firm but said it’s a cy­ber­se­cu­rity com­pany and plans to make a pub­lic an­nounce­ment next week.

The law, called the Cy­ber­se­cu­rity In­for­ma­tion Shar­ing Act, was billed as a way to strengthen the nation’s de­fenses against hack­ers, but its progress through Congress was ar­du­ous. Civil lib­er­ties ad­vo­cates wor­ried that it would open a back door for spy­ing on Amer­i­cans; busi­ness lead­ers wor­ried about the im­pli­ca­tions of hav­ing to share in­for­ma­tion about at­tacks with the gov­ern­ment.

Michael Allen, a for­mer Repub­li­can con­gres­sional aide who helped shape the bill, said it ap­pears that the busi­ness com­mu­nity’s re­luc­tance to share re­mains an ob­sta­cle.

It’s also not clear how use­ful those com­pa­nies that have signed up to re­ceive in­for­ma­tion from the gov­ern­ment have found it to be, he said.

Speak­ing on a panel that in­cluded ex­ec­u­tives from AT&T and Citibank, Allen said the depth of con­cern about the process was deeper than he had re­al­ized.

“I’ve heard even more skep­ti­cism up here than I thought I would have to­day,” he said. “It wor­ries me.”

The idea be­hind the law is that most cy­ber­at­tacks are against the pri­vate sec­tor, where the gov­ern­ment can’t de­tect them, so in­for­ma­tion from com­pa­nies could be use­ful in­tel­li­gence.

Chris Boyer, an ex­ec­u­tive at AT&T, said the com­pany is still de­cid­ing whether it will par­tic­i­pate. In most cases, AT&T would be shar­ing in­for­ma­tion about an at­tack on one of its cus­tomers, he said, some­thing those cus­tomers would not nec­es­sar­ily be happy about.

“It’s not in our na­ture to just push all the in­for­ma­tion out,” he said. Com­pa­nies have pre­ferred to rely on pri­vate in­for­ma­tion­shar­ing ar­range­ments among their in­dus­try peers, which can be con­trolled more closely.

Citibank ex­ec­u­tive James Katavo­los said fi­nan­cial firms had sim­i­lar con­cerns.

“I don’t think it’s ready as is right now for a ma­jor­ity of our sec­tor to sign up,” he said.

A spokes­woman for Rup­pers­berger said the Bal­ti­more County Demo­crat is keep­ing an eye on how the law is be­ing used, and has meet­ings with busi­nesses sched­uled to see how they like its pro­vi­sions.

“We have heard anec­do­tally that there is def­i­nitely more in­for­ma­tion shar­ing go­ing on,” spokes­woman Jaime Len­non said. “DHS just is­sued its fi­nal guid­ance on ‘how’ to par­tic­i­pate in June, so it’s prob­a­bly too early to as­sess progress.”

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.