Improved cyber information sharing between the public and private sectors is integral in enhancing national security, according to a report released Thursday by the Bipartisan Policy Center’s Cyber Security Task Force.
As part of the Washington-based research organization’s Homeland Security Project, the task force advised that the current level of collaboration is not effectively protecting the nation and its critical infrastructure from potential cyber attacks.
Over a five-month span, from October 2011 to February 2012, more than 50,000 cyber attacks on both government and private sector networks were reported to the Department of Homeland Security (DHS), representing only a small portion of the attempted attacks on the US each year, the 19-page report noted.
The task force, co-chaired by former head of the US Central Intelligence Agency (CIA) and the National Security Agency (NSA) Gen. Michael Hayden, alongside businessman Mortimer Zuckerman, CEO of Boston Properties, called for a range of improvements in information sharing between the two entities, urging that collaboration not come at the cost of Americans’ privacy or corporations’ liabilities.
And while the report’s recommendations may not seem new to many following the issue, the task force went on to suggest what some might see as a controversial concept of allowing government to step in in the event of certain private sector cyber attacks.
“Legislation should provide that the president may certify to Congress that an emergency exists from an ongoing cyber attack or national security threat,” the task force wrote in the report. “This certification would trigger specific authorities to mandate that reasonable countermeasures be taken by companies.”
In a time when Congress is already caught up on how much, if any, information sharing should take place between public and private sectors, the report is sure to raise a few red flags for those in the industry and on Capitol Hill looking for less regulation.
Yet, with other members of the Bipartisan Policy Center’s task force hailing the DHS, US Air Force, Office of the Director of National Intelligence, NYPD Counterterrorism Office and the George Washington University School of Law, the report is likely to be considered by several legislators and cybersecurity staff on the Hill.
In addition to the said-controversial concept, the report also calls for: protecting cyber information provided to the government by complying companies; requiring the government to push relevant, technical cyber threat data to the private sector in an unclassified format; appointing security-cleared private sector support to work directly with the government to better protect critical infrastructure; and streamlining data breach notification requirements in incidents that could cause harm to the public.
—
Michelle Kincaid is a DC-based public affairs professional specializing in technology policy. She is also founder of the blog CybersecurityNews.org. Follow her on Twitter at @OnCybersecurity.
