Tag Archives: White House

More on Cyber Security Executive Order…

Dark Reading published an article on October 9 about the pending Executive Order on cyber security and what it will mean to an enterprise. As mentioned in a previous post, the executive order is the Obama administration’s response to the fact that Congress did not pass cybersecurity legislation, specifically the Cybersecurity Act of 2012.

Now while the Executive Order would be focused on national critical infrastructure, the article brings up some good points about what impacts and insights this could have on a business. The article noted that the Executive Order would not deal with one of the key points of the act, the sharing of information between government agencies. According to the article:

The issuance of an executive order would not address one of the key elements of the Cybersecurity Act of 2012 – information sharing between the private sector and government. According to former NSA Deputy Training Director Cedric Leighton, information-sharing has to span both sharing between the government and private sector as well as between entities in the private sector itself.

The article also states what businesses are looking for, specifically three key items:

Rather than checklists, organizations are looking for three distinct things: the current state of a threat, what others are doing about security, and what are the guiding principles that should be considered when developing a security program and strategy, Granado argues. Protecting intellectual property means complicating the process of acquiring inappropriate access, detecting threats and neutralizing threats before they expand, he says.

As noted in the article, a purely defensive “knee-jerk” mentality is not enough, and a proactive stance is needed to effectively secure the information assets of the business and in turn improve the overall risk posture. Doing only the minimum is not enough; that will always leave a business behind the curve.


Iran’s Other Export…

In an article published by Bloomberg Press and redistributed by the Dallas Morning News, Senator Lieberman and other analysts state that Iran is planning an escalating set of cyber attacks against US companies and interests in response to actions around Iran’s nuclear capability.

According to the Senator:

Iran’s government and its elite Qods Force were probably responsible for cyber attacks launched this week against JPMorgan Chase & Co. and Bank of America Corp., Senator Joseph Lieberman said yesterday in an interview on C-SPAN’s “Newsmakers” program.
“I don’t believe that these were just hackers,” Lieberman, an independent from Connecticut who’s chairman of the Homeland Security Committee, said in the interview scheduled to air tomorrow. “I think that this was done by Iran and the Qods Force, which has its own developing cyber attack capacity.”

This has major ramifications not only for US policy regarding state-sponsored cyber attacks, but also for US businesses. It is becoming more apparent that improved operational security (OPSEC) practices and overall architecture will be needed to mitigate the increased threat that these types of government-backed cyber attacks can pose. The ancillary question will be whether the US will truly define state-sponsored cyber attacks as an act of war and, if not, to what degree the US will expect businesses to “defend” themselves…

According to Frank Cilluffo, director of George Washington University’s Homeland Security Policy Institute and a former special assistant to President George W. Bush for homeland security:

“The good news is Iran is not at the level of sophistication of China, Russia, us and some of our allies,” Cilluffo said. “The bad news is what they lack in capability, they more than make up for in intent.”


US Cybersecurity Debate Begins… Again…

Do you ever get the feeling that at some point in the morning you should be hearing the Sonny and Cher tune “I Got You Babe” and that you are in Groundhog Day? That we are reliving the same thing over and over again? Well, we are again…

We all probably remember the heated debate around the Cybersecurity Act of 2012. Whether politician or security practitioner, everyone had an opinion on one side or another. Well, we will soon begin the debate again, but this time it will not be in response to a Congressional proposal, but rather an Executive Order (EO). On Friday a leaked draft of the EO was posted to the techdirt.com website.

According to the proposed draft, the EO is meant to revise the federal architecture for enhanced protection of the critical infrastructure and information sharing or “information exchange framework.” The EO also places the Department of Homeland Security (DHS) in an oversight role for making and implementing the changes. What is not completely understood is the full scope of what is considered “critical infrastructure” and how commercial businesses will react to another set of US regulatory impacts on their bottom line.

Many in the political scene and in the security industry have been vocal about the need for a defined framework that goes beyond or improves on the existing FISMA regulations adhered to by federal agencies. However, not as many would agree that DHS is the federal entity to oversee the implementation. There is even more of a divide when you start discussing how this framework should be applied to private industry.

A recent SC Magazine article quoted concerns from several Republicans about the current EO based on a letter written by John Brennan, the national security advisor to the president. According to the article:

A letter released on Friday written by John Brennan, national security adviser to the president, written to Sen. Jay Rockefeller, chairman of the Senate Commerce Committee, confirms that the White House is working on the order.

“Following congressional inaction, the president is determined to use existing executive branch authorities to protect our nation against cyber threats,” Brennan wrote.

In a recent sponsored Washington Post editorial, Senators John McCain (R-Ariz.), Kay Bailey Hutchison (R-Texas), and Saxby Chambliss (R-Ga.) blasted the idea of an executive order.

“Unilateral action in the form of government mandates on the private sector creates an adversarial relationship instead of a cooperative one,” the senators wrote.

It will be interesting to see the impact this has on the impending elections and how the security community at large views this potential mandate. This will definitely (re)develop in the coming weeks…and remember, “it’s going to be a cold one out there…”

 
