
Should the Purple Heart be Awarded to Terrorism Victims?

On February 6, Secretary of the Army John McHugh approved the Fort Hood Massacre Victims as eligible to receive the prestigious Purple Heart and all the honors and benefits associated with it.

The Fort Hood Massacre was carried out by Nidal Hasan (formerly a US Army officer and psychiatrist), and many have since labelled him a terrorist. In 2009, Hasan fired on personnel around the base entrance, killing 13 and wounding 30.

Secretary McHugh said, “The Purple Heart’s strict eligibility criteria had prevented us from awarding it to victims of the horrific attack at Fort Hood. Now that Congress has changed the criteria, we believe there is sufficient reason to allow these men and women to be awarded and recognized with either the Purple Heart or, in the case of civilians, the Defense of Freedom medal. It’s an appropriate recognition of their service and sacrifice.”

Read complete report here.

FAA Proposes New Regulations for Commercial Use of Small Drones

Amid mounting concerns that the Federal Aviation Administration’s (FAA) slow pace in developing a plan to open the skies to commercial drones has prevented the drone industry from taking off, the FAA on Sunday finally proposed a framework of regulations that would allow routine use of certain small unmanned aircraft systems (UAS) in today’s aviation system.

“By issuing draft regulations for the use of small unmanned aircraft systems, FAA has taken an important step towards the integration of UAS into civil airspace,” said Aerospace Industries Association President and CEO Marion C. Blakey. "The issuance of these proposed regulations is a key element of government and industry efforts to foster safe operations in both civil and military applications of remotely piloted aircraft while further encouraging research and development of UAS technologies. We believe this step will pave the way for additional service organizations and industries to explore expanded operations and use of UAS technologies.”

The proposal would pave the way for widespread drone use by expanding small UAS operations to include crop monitoring/inspection, research and development, educational/academic uses, power-line/pipeline inspection in hilly or mountainous terrain, antenna inspections, aiding certain rescue operations such as locating snow avalanche victims, bridge inspections, aerial photography and wildlife nesting area evaluations.

“Technology is advancing at an unprecedented pace and this milestone allows federal regulations and the use of our national airspace to evolve to safely accommodate innovation,” said Department of Transportation Secretary Anthony Foxx.

The proposal lays out a number of safety requirements for small UAS—drones weighing under 55 pounds—including restrictions allowing operation of drones only within the visual line-of-sight of the operator and during daylight-hours. In addition, small UAS cannot exceed a maximum altitude of 500 feet above ground level or operate at airspeeds above 100 mph.

Operators of small UAS must be vetted by the Transportation Security Administration, obtain an unmanned aircraft operator certificate with a small UAS rating and pass an initial aeronautical knowledge test at an FAA-approved knowledge testing center.

The rules would not apply to model aircraft, and the FAA is considering whether it should create a separate category for small UAS weighing less than 4.4 pounds.

“We have tried to be flexible in writing these rules,” said FAA Administrator Michael Huerta. “We want to maintain today’s outstanding level of aviation safety without placing an undue regulatory burden on an emerging industry.”

Sen. Charles E. Schumer (D-NY) cautioned, however, that the FAA’s proposed regulations for small UAS are merely a start. “These FAA rules are a solid first step but need a lot more refining,” he said in a statement.

The inclusion of the rule that drones must be flown within the operator’s line of sight has sparked controversy, particularly at Amazon.com. The company is working on a project called Prime Air, which seeks to deliver packages to customers via small UAS.

"The FAA needs to begin and expeditiously complete the formal process to address the needs of our business, and ultimately our customers,” Paul Misener, Amazon’s vice president for global policy said in a statement. “We are committed to realizing our vision for Prime Air and are prepared to deploy where we have the regulatory support we need.”

Homeland Security Today previously reported that one of the most significant challenges to integration of UAS into national airspace is the potential that one could hit objects, such as a passenger plane. The FAA receives about 25 reports each month from pilots about UAS flying too close to their aircraft, sometimes even near major airports.

"We have all seen photos of the damage that can be caused to an airplane when a bird strikes in flight," Capt. Lee Moak of the Air Line Pilots Association Union earlier told Congress. "Unmanned aircraft can be much smaller or much larger than birds but they harbored added risk in that they carry batteries, motors and other hard metal components."

The public will be able to comment on the proposed regulations for 60 days from the date of publication in the Federal Register. In particular, the FAA is asking for comments on whether the rules should permit operations beyond line of sight, and if so, what the appropriate limits should be.

Meanwhile, the White House issued a presidential memorandum to promote the responsible use of UAS while strengthening privacy safeguards and ensuring full protection of civil liberties.

As the commercial drone market continues to push boundaries, the White House memorandum, together with the FAA’s proposed regulations, is an important step towards integrating commercial UAS into the national airspace.

“The aerospace industry will conduct a thorough review of the proposed regulations and provide FAA with feedback on their potential impact,” Blakey said. “Industry shares FAA’s concerns for the safety of both manned and unmanned aircraft. We anticipate that the exchange of views in the rulemaking process will result in a regulatory framework that will ensure safe UAS operations and expedite successful UAS integration into the national airspace.”

Federal Judge Halts Obama Amnesty; White House to Appeal

A federal judge late Monday halted President Obama’s deportation amnesty, ruling he overstepped his powers in trying to grant legal status and “benefits and privileges” to millions of illegal immigrants, in a stunning decision that chides the president and throws the White House’s plans into disarray just a day before applications were to be accepted.

Read complete report here.

House Speaker John Boehner says judge’s amnesty ruling should end filibuster, clear path for DHS spending.

Panetta: US Needs to Bolster ISIS Strategy

The United States needs to bolster its strategy in confronting ISIS if it is going to achieve its mission of degrading and destroying the terror group, former Defense Secretary Leon Panetta said on Sunday.

Read complete report here.

Online Bank Robbers Steal Up to $1 Billion, Cyber Firm Reports

A hacker group has stolen as much as $1 billion from banks and other financial companies worldwide since 2013 in an “unprecedented cyber-robbery,” according to computer security firm Kaspersky Lab.

Read complete report here.

Tenable Debuts Agent Based Scanning For Portable Devices

Tenable Network Security Inc., a specialist in continuous network monitoring with clients including the Department of Defense, today announced new capabilities for its line of cybersecurity products with the availability of agent-based scanning in Nessus Manager, a new version of Tenable’s vulnerability management platform designed with enterprise users in mind.

Nessus Agents is designed to enable enterprises and government agencies to achieve and maintain compliance with security policies by discovering and assessing transient network assets and detecting vulnerabilities even when devices are not connected to the network.

“By overcoming the barriers that credentialed access and intermittent availability of portable devices creates for security scanning, Nessus Agents help you find vulnerabilities on your network that you didn’t know existed,” said Ron Gula, CEO of Tenable Network Security.

The new Nessus Manager meanwhile provides centralized management of distributed scanners and collaboration features for the entire enterprise.

Nessus Agents are lightweight, self-contained vulnerability assessment tools that are able to run remotely on any Windows device — including laptops, mobile devices, virtual systems and desktops and servers. After downloading instructions, the agent performs a low-impact scan on schedule whether the host device is connected to the network or not. The agent collects vulnerability and configuration information and sends the results to a central Nessus server the next time the device is connected to the network for a more complete view of asset configuration and compliance.

“In today’s BYOD and work-from-home business environment, assets tend to come and go from the network and may not be connected during scheduled assessments,” said Renaud Deraison, chief product officer, Tenable Network Security. “Nessus Agents can scan portable devices and provide offline scanning for assets and vulnerable client-side software that may be unavailable during scheduled scan windows.”

One of the key features of Nessus Agents lies in its ability to blend local and remote auditing in a single product, and eliminate the need for credentialed searches — no more opening the password vault to provision device-specific scans.

“You can install agents on all desktops, servers, and portable devices without the headache of remotely managing privileged scan credentials,” Gula said. “This means you can schedule your vulnerability assessment over multiple days while protecting credentials and closing security gaps. Customers gain visibility into blind spots that were previously unavailable for vulnerability and configuration assessments.”

Agent-based assessment is supported on Windows platforms with additional operating systems on the way. Nessus Agents are available now in Nessus Manager and are expected to roll out in other Tenable products, including SecurityCenter Continuous View, later this year.

The newest addition to the Nessus product line, Nessus Manager, is designed with the enterprise in mind and provides full service scanner management, including collaboration, centralized administration and improved scheduling for multiple scanners. With Nessus Manager, vulnerability assessments can be scheduled over a number of days to ensure that all assets are discovered and assessed for comprehensive network visibility. Assessments can also be repeated multiple times and results can be shared with administrators across the organization.

Nessus Manager provides four user levels for managed access to resources based on user/group permissions. Role-based access enables sharing of scanners, schedules, policies, and results with system administrators and co-workers who are responsible for patching and remediating their systems.

Gula told Homeland Security Today that in many organizations the servers holding email, databases and customer information get the majority of the security monitoring and auditing, while mobile laptops, which are transient on the networks and not consistently operated, are difficult to audit for security weaknesses.

“Because of this," Gula said, "the best practice is to install an anti-virus agent on these mobile resources and run them with up to date threat signatures, but not patch them with up to date security fixes. This creates a thin line of defense which is easily bypassed by many attackers. The Nessus Agent gives organizations real time visibility into their biggest risks from their mobile laptop users.”

“The Nessus Agent also helps our large federal government customers who are required to perform auditing of 100 percent of their computing devices,” Gula said. “The Nessus Agent simplifies the coordination between the teams running IT and performing the audits. Without an agent, the time and method of performing an audit needs to be coordinated. With an agent, the data from the audit is available in near real time without any need for impacting IT operations. The Nessus Agent is also part of Tenable’s comprehensive continuous monitoring strategy where many different types of assessment technologies, such as log analysis, network traffic analysis and vulnerability scanning, are combined to give our customers a real time view of their entire security posture.”

Tenable said current Nessus customers can update their deployments from the Tenable Support Portal, and that at renewal time, existing Nessus Enterprise customers can upgrade to Nessus Manager at no additional charge. New customers can request an evaluation of Nessus Manager.

Ex Spies and Mathematicians Team to Battle Cyber Threats

The last time British spies and mathematicians from Cambridge University joined forces to battle a global enemy was during World War II, to crack the Germans’ Enigma code.

Seven decades later, they’ve teamed up with ex-National Security Agency agents this side of the pond to tackle the modern world’s big, unknown threat: hackers.

Read complete report here.

Contract to Develop Synthetic Polymers to Counter Chem, Bio Threats Awarded Under DARPA Program

A $10 million contract to develop novel medicines and diagnostics that can be used to thwart bioterrorism threats or an infectious disease epidemic has been awarded to SRI Biosciences by the SPAWAR Systems Center as part of the Defense Advanced Research Projects Agency’s (DARPA) Folded Non-Natural Polymers with Biological Functions program, known as Fold F(x).

The program aims to reimagine how proteins are constructed and to develop novel medicines and diagnostics as countermeasures to chemical and biological threats. The initial goal of the program is to develop biologically active non-natural polymers that are structurally similar to naturally occurring proteins, but without their limitations, such as sensitivity to heat denaturation or chemical degradation.

To develop the new polymers, SRI is combining its expertise in medicinal chemistry and biopolymer design with a breakthrough approach to screening vast numbers of compounds.

As a proof of concept, the team will design, synthesize and screen chemically unique libraries of 100 million non-natural polymers for activity against a variety of agents, including toxins such as ricin and viruses such as the H1N1 bird flu strain of influenza, an SRI announcement explained, adding that, “By reimagining how proteins are constructed, SRI hopes to develop novel medicines and diagnostics as countermeasures to chemical and biological threats.”

“The Fold Fx program will enable broad advances in miniaturization of biodefense countermeasures, with a goal to be robust enough for long term deployment in harsh environments where natural proteins do not survive,” Homeland Security Today was told by Nathan Collins, executive director of the Discovery Sciences Section in SRI Biosciences.

“Initially,” Collins said, “the development of these man made synthetic proteins will create advanced sensors, with greater sensitivity to warn both the war fighter and civilian populations of potential exposure to bio and chemical weapon terror threats.”

Continuing, Collins told Homeland Security Today that, “As a next generation these synthetic polymers are anticipated to not only detect such agents but also neutralize them. As the program expands we expect that synthetic proteins could be applied to healthcare development of diagnostics and therapeutics for the treatment of exposure to bioterror agents – creating an entirely new form of drugs for biodefense and treatment of human diseases. We anticipate plugging these types of molecules into our screening programs to identify new diagnostics and drugs. The drug approach would be entirely new and has a range of applications in therapy.”

“The novel polymers are being made from entirely new types of monomer structures based on drug-like scaffolds with high functional group density,” SRI said. “SRI’s compound screening innovation is based on its proprietary Fiber-Optic Array Scanning Technology (FASTcell). Originally developed to identify circulating tumor cells in a blood sample, FASTcell can distinguish a single tumor cell among tens of millions of healthy ones in a few minutes. With DARPA support, SRI is expanding this technology to screen 25 million compounds in just one minute.”

“Our goal is to develop a method that can enable rapid, large-scale responses to a bioterrorism threat or an infectious disease epidemic,” said Peter Madrid, Ph.D., program director in SRI Biosciences’ Center for Chemical Biology and co-principal investigator and leader of the chemistry effort of the project. “We are looking for non-natural polymers to detect or neutralize identified chemical or biological threats. Once we find potent molecules, we will be able to produce them at mass on a large scale.”

SRI said, “The overall goal of the Fold F(x) program is to expand on the utility of proteins and DNA, and to overcome their limitations by re-engineering their polymer backbones and side chain diversity—creating new molecules with improved functionality such as stability, potency and catalytic function in environments usually hostile for biopolymers. The knowledge to design new functional molecules from first principles doesn’t exist yet. The alternative is to synthesize enormous libraries of non-natural polymers and screen for sequences that have a desired action. Finding a single effective compound, such as one that can block a virus, may require screening hundreds of millions of compounds.”

“We are taking a full departure from how nature does things to come up with new ways of mimicking protein function in a highly tailored and controlled way,” said Collins, the principal investigator of SRI’s Fold F(x) project. “Our breakthrough has been to adapt SRI’s FASTcell technology to screen libraries of non-natural polymers. It’s very exciting to be doing such novel research.”

“Initially,” SRI’s announcement said, “the program will focus on screening massive numbers of non-natural polymers for potential uses against security threats. As a proof of concept, the team will design, synthesize and screen chemically unique libraries of 100 million non-natural polymers for activity against a variety of agents, including toxins such as ricin and viruses such as the H1N1 bird flu strain of influenza. As the program evolves it may progress to include a range of possibilities, such as how to synthesize molecules to fold such that they emit light, have enhanced levels of strength or elasticity, or store power.”

 

Homeland Security Committee Chairman: Radical Islamist Extremism “Spreading like Wildfire”

With estimates that 20,000 foreign fighters—including 3,400 Westerners—from 90 countries around the globe have traveled to Syria to fight for terrorist organizations, US counterterrorism officials are becoming increasingly worried that they will return to American shores to conduct an attack on the homeland.

“We need to accurately define the threat – violent Islamist extremism – and recognize it is spreading like wildfire around the globe,” said House Committee on Homeland Security Chairman Michael McCaul (R-TX). “These fanatics want nothing less than destruction of our way of life, and now their ability to match words with deeds is growing at an astonishing rate. In recent years, their safe havens have proliferated and their ranks have swelled.”

In the wake of the Islamic State’s (ISIS) barbaric display of the horrific murder of the Jordanian pilot, the House Committee on Homeland Security held a hearing last Wednesday to examine current efforts to thwart the dual threats of foreign fighters and homegrown terror.

“This evolving Islamist terror landscape has given rise to the dual threats of foreign fighter returnees and homegrown terrorism,” McCaul said. “The recent terror attack in Paris, and other attacks and plots in Belgium, Germany, the UK, Australia, Canada, and here in the US are proof that the threat has surged and that the enemy is dead set on attacking the West.”

Nicholas J. Rasmussen, director of the National Counterterrorism Center, said the rate of foreign fighter travel to Syria is “without precedent,” and is due in large part to ISIS’ demonstrated mastery of social media and online tools as mechanisms for spreading propaganda. In fact, since the first of this year, ISIS has already published more than 250 official ISIS products online.

McCaul agreed, saying, “Extremists do not need to travel overseas in order to become a threat to our homeland. Through Hollywood-like propaganda videos and social media, Islamist terror groups are inciting their followers and potential recruits to wage war at home.”

“ISIS social media also gives step-by-step instructions on how to get to the fight and how to return,” Mr. McCaul added.

Rasmussen indicated that curbing the threat of foreign fighters returning to the homeland to conduct an attack will be very challenging, since there is no single pipeline for foreign fighters in and out of Syria. However, most routes involve transit through Turkey, prompting Turkey to step up its efforts to deny entry to potential foreign fighters based on information provided by the fighters’ countries of origin.

In addition, in the wake of the attacks on the offices of Charlie Hebdo in Paris, the European Union is discussing ways to enhance border controls, implement stronger watchlisting and improve information sharing.

To identify and stop foreign fighters at their borders, Rasmussen recommended countries begin “screening visa applicants; using Passenger Name Records or other data to identify potential foreign fighters; applying increased screening measures at points of departure; and a willingness to share information through INTERPOL, the UN and bilateral relationships."

Department of Homeland Security (DHS) officials told a congressional committee nearly a year ago that “the alarming number of countries that report very little — and in some cases no — lost and stolen passport data to INTERPOL for inclusion in the Stolen and Lost Travel Documents (SLTD) database” is “disturbing.”

Additionally, nearly 13,500 passports were issued by the US Department of State to individuals who used the Social Security Number (SSN), but not the name, of a deceased person. Another 24,278 passports were issued to applicants who used a likely invalid SSN, according to the results of a Government Accountability Office (GAO) review last year of a 140-case generalizable sample and a 15-case nongeneralizable sample for these two populations, respectively.

Francis X. Taylor, DHS Under Secretary of Intelligence and Analysis, testified that "we are unaware of any specific, credible, imminent threat to the homeland." However, he did express concern that Americans who join violent extremist groups in Syria "could gain combat skills, violent extremist connections and possibly become persuaded to conduct organized or ‘lone-wolf’ style attacks that target US and Western interests."

DHS emphasized strengthening local communities as the first line of defense against violent extremism. Taylor also asserted that developing partnerships on a state and federal level, as well as between nations, is crucial to improving information sharing on terrorist activities.

Taylor noted that, “Following the Paris attacks, DHS worked with some of these countries and the Department of State to link members of civil society and community stakeholders in respective countries so that they could coordinate and build grass roots responses to the attacks in Paris.”

To track foreign fighters, this fall DHS strengthened the security of the Visa Waiver Program through enhancements to the Electronic System for Travel Authorization (ESTA). The agency hopes these improvements will facilitate visa-free travel to the US while providing an additional layer of security.

As Homeland Security Today previously reported, the 38 VWP countries where a visa is not required for US entry have to provide additional passport data, contact information and other potential names or aliases in their travel application submitted via ESTA before they can travel to the United States.

"Many of the leading visa-waiver countries are seeing their citizens going to Syria to join [the Islamic State] or Al Qaeda affiliates in that country and potentially returning home with training and new skills," a senior DHS official told the Washington Post.

Late last year, legislation was introduced to suspend participation in the US Visa Waiver Program for countries that fail to share pertinent traveler info on terror threats.

McCaul also expressed concern over the State Department’s desire to resettle tens of thousands of Syrian refugees in the United States, fearing “ISIS could exploit this effort in order to deploy operatives to America via a federally funded jihadi pipeline.”

Last month, McCaul wrote a letter to the State Department urging them to consider the long-term security implications of terrorist groups exploiting the refugee resettlement process. While the US has a history of welcoming refugees, McCaul believes the Syrian conflict is a special case, since Syria is the home of one of the largest confluences of Islamist terrorists in history.

“The United States has historically taken a leading role in refugee resettlement and humanitarian protections,” said McCaul. “But we cannot allow the refugee process to become a backdoor for jihadists.”

This week the White House will be holding a Countering Violent Extremism Summit to discuss domestic and international efforts to counter violent extremism. As Homeland Security Today recently reported, the Obama administration has been criticized for omitting “Islamist” from the title.

"Calling our enemies what they are is vital," said retired Lt. Gen. Michael Flynn while speaking to a group of Special Forces members recently. "Many today don’t like that type of clarity. They want us to think that our challenge is dealing with an undefined set of violent extremists or merely lone wolf actors with no ideology or network."

"But that’s just not the straight truth," he stated. "Our adversaries around the world are self-described Islamic militants. And that means … as the President of France has rightly said … that our fight is with Islamic extremists using terrorism as their means to fight."

As part of the committee’s focus on countering violent extremism, McCaul has established a Task Force on Combatting Terrorist and Foreign Fighter Travel. The task force will review US government efforts to track foreign fighters and, ultimately, provide recommendations on how these efforts can be improved.

“We must keep those barbaric terrorists out of the homeland to protect the American people,” said McCaul.

Obama’s Cyber Info-Sharing Executive Order Applauded, But Legal Protections Still Required

President Obama Friday issued an executive order to help advance cybersecurity threat and information sharing between the public and private sectors, but it doesn’t provide legal protection for companies that share such information.

While some observers have echoed the argument of businesses and privacy advocates that cyber info-sharing is doomed to fail without legal liability protections, the Cyber Threat Sharing Act of 2015 introduced Wednesday by Sen. Tom Carper (D-Del.), ranking member of the Senate Committee on Homeland Security and Governmental Affairs, “would take critical steps to remove barriers in order to increase the sharing of cyber threat data between private industry and the federal government,” his office said.

“Today, those seeking to do us harm do not need to travel thousands of miles to carry out an attack,” Carper said in announcing his legislation. “They can disrupt our lives and cause great damage with just a few keystrokes at a computer. Last year, Congress made strides in bolstering our nation’s cyber defenses by passing four cybersecurity bills that strengthen our national security and help modernize our nation’s cybersecurity and cyber workforce. But more must be done. One of our top priorities in Congress must be to promote the sharing of cyber threat data among the private sector and the federal government to defend against cyber-attacks and encourage better coordination.”

The legislation coincided with Obama’s Fiscal Year 2016 $14 billion budget proposal to shore up the government’s ability to deal with cyber threats to federal and private systems.

When Obama first proposed cybersecurity legislation in January to allow the private sector to share more information on cyber threats with protection from liability, criminalize the sale of stolen financial data and require companies to notify consumers about data breaches, it was met with mixed reaction from both Capitol Hill and industry experts because of the lack of legal protections for info-sharing liability and privacy issues.

In light of the failure of Obama’s executive order to specifically address these concerns, the business community and cyber authorities remain skeptical.

There is “No protection from liability – without this feature, the information sharing that all parties agree is essential to address cyber threats – which the President referred to in his speech preceding his signing of the executive order as a ‘cyber arms race’ – simply will not occur,” said Robert Cattanach, a partner at the international law firm Dorsey & Whitney and a former trial attorney for the Department of Justice and special counsel to the Secretary of the Navy specializing in cybersecurity matters.

He also said there’s “No carrot for Congress – the executive order implicitly concedes that liability protection requires legislation. The President ticked off a number of recently proposed legislative initiatives emanating from the White House, including a National Breach Notification law, a Privacy Bill of Rights, Student Digital Privacy and others. But, little, if any, progress has been made in the Congress, and no committee chairs have taken meaningful leadership steps to move any legislation of these subjects forward in the near term.”

“We applaud the White House’s commitment to information sharing initiatives that will help our country ward off damaging cyberattacks,” said Tim Pawlenty, President & CEO of the Financial Services Roundtable (FSR), adding, “We hope this will push Congress to swiftly enact cyber threat information sharing legislation that provides strong liability protections so companies can share critical threats with each other and the government as they work to protect customers from the next major cyberattack.”

The FSR said, “The executive order calls on the private sector to develop a new mechanism for threat sharing,” but, “Because executive action cannot enact liability protections, legislative action is still needed from Congress. FSR urges Congress to act quickly to pass effective cyber threat information sharing legislation.”

However, Sen. Tom Carper (D-Del.), ranking member of the Senate Committee on Homeland Security and Governmental Affairs, said the Cyber Threat Sharing Act of 2015 he introduced this past week “builds on the cybersecurity bills President Obama signed into law last year by empowering companies with clear legal authority and liability protection to share critical data while still maintaining privacy protections. This bill reflects the valuable input of the administration and incorporates insights and advice from our committee’s hearing on the topic earlier this month.”

“Introduction of this bill is the logical next step in this conversation,” Carper continued, adding, “I value the work the leaders of the Senate Intelligence Committee and others have done on this issue. I invite and encourage all stakeholders to engage with my colleagues on the Homeland Security and Governmental Affairs Committee and me and provide feedback on how we can make this bill better in an open and transparent process. We must all work together to find a legislative solution that will address our cybersecurity needs while upholding the civil liberties we all cherish. And given the threats we face today, we must move with a sense of urgency. The country is counting on us.”

The Cyber Threat Sharing Act of 2015 would increase the sharing of cyber threat data to help combat cyber attacks in several key ways. It would authorize the sharing of critical information and provide liability protections, and it would clearly authorize the sharing of cyber threat data with the National Cybersecurity and Communications Integration Center (NCCIC) at the Department of Homeland Security and with information sharing and analysis organizations that have self-certified that they follow best practices for the operation of such organizations.

“The bill makes clear that any cyber data sharing and analysis center or private organization can self-certify as an information sharing and analysis organization under the bill,” Carper’s office said, noting that, “The bill grants liability protections to companies for sharing cyber threat data with the NCCIC or an information sharing and analysis organization that has self-certified it is following best practices.”

“Now, more than ever, Congress must take aggressive action to remove legal barriers to improve private entities’ ability to share information to combat these attacks,” House Committee on Homeland Security Chairman Michael McCaul (R-Texas) said Friday.

McCaul said, “Last year, I shepherded bipartisan cybersecurity legislation through Congress and into law, including a bill to authorize [the] Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC). My committee is now taking the next steps and working on new legislation, which will include liability protections for cyber threat information sharing. While I am glad that the president finally came to the table on this issue and delivered a proposal to Congress last month, many questions remain. This hearing will examine the details of his plan and help to inform our legislative process, as we work with our partners in the House and Senate on this issue.”

Last Congress, the Senate Committee on Homeland Security and Governmental Affairs authored several cybersecurity bills which Obama signed into law in December, including the Federal Information Security Modernization Act to update the Federal Information Security Management Act, the National Cybersecurity Protection Act of 2014 authorizing a National Cybersecurity and Communications Integration Center at the Department of Homeland Security for information sharing, and two bills to improve the federal cybersecurity workforce — the Cybersecurity Workforce Assessment Act and the Border Patrol Pay Reform Act, which contained provisions from the DHS Cybersecurity Workforce Recruitment and Retention Act of 2014.

“As the President observed,” Cattanach said, “addressing cyber threats is not a partisan issue. But the conflicting tension between prompt sharing of cyber threat information, and the need to protect individual privacy and civil liberties, is formidable and will not abate any time soon. The White House and Congress need to set aside intractable political agendas and work together to prioritize legislative initiatives on cyber issues – pass something, and use the momentum from that to make progress on the harder issues.”

He added that they also need to, “Articulate a credible and effective policy that addresses hack-backs – if the private sector is expected to do nothing to defend itself out of fear the FBI will investigate it for violating the Computer Fraud and Abuse Act (CFAA), then the government needs to step forward and respond with appropriate measures under appropriate circumstances.”

Ian Amit, Vice President of ZeroFOX, said, “The CFAA should be updated and amended to a reasonable criminal prosecution procedure, while allowing innovation and research to coincide with the ever-evolving industry. Stifling innovation in the name of prosecuting low hanging fruit has proven to be detrimental to openness to further innovation. It has also raised major issues with constitutional rights, which will hopefully result in the CFAA being amended based on professional, technical, and legal guidance.”

“Strengthening public-private collaboration in the form of providing incentives and safe-harbor for breach notification and threat information sharing,” is also required, Amit said. “Currently, companies are not keen to notify on breaches when it is not mandated to by law/regulation. This situation endangers whole industry segments that may be under the same kinds of threats.”

Consequently, Amit said, “legislation [must be established] around cybersecurity malpractice and liability for both practitioners (consulting companies) as well as organizations (i.e. chain of management up to the board). The current situation involves incompetent practitioners offering a ‘clean bill of health’ and creates a false sense of security, which leads to major breaches that have an impact on the economy at large. Additionally, even when proper guidance and advice is provided by practitioners, organizations can choose to neglect, ignore or assume the risk. Such negligence leaves millions of Americans at risk.”

Dave Frymier, Unisys’ CISO, said he believes the privacy and surveillance concerns are overblown and shortsighted.

He pointed out that, “Similar information sharing programs are currently working successfully in the Department of Defense (DoD).”

“The rewards of such a program far outweigh the risks associated, which is why this will ultimately lead to its long-term success,” Frymier said, emphasizing that, “There is an example of how this can work in the DoD. They are six years into a voluntary information sharing program among cleared defense contractors. The program is governed by a framework agreement which describes the terms and conditions of onward transfer of any shared information. Its longevity demonstrates it clearly works – so both sides must be getting enough out of it to make it worth doing.”

“I think the privacy and/or surveillance concerns are both overblown and shortsighted,” Frymier reiterated, saying, “As long as the program is voluntary, the entity sharing the information can redact it to whatever extent their lawyers feel comfortable with. Not doing information sharing in the face of the current cyber threats because of privacy concerns is like not getting cancer therapy because you fear the side effects of radiation.”

Cattanach also said there’s “no mention of cyber counterattacks” in Obama’s executive order.

“While the President hinted at the need to ‘disrupt attacks’ underway,” Cattanach said, “the simple truth is that such attacks are almost always over before they are discovered; disrupting an ongoing attack is probably something that those in the private sector with an appetite for risk could probably undertake without clearly violating the Computer Fraud and Abuse Act. But a meaningful response to cyber terrorism requires more. It is time for the White House and Congress to join forces and articulate a clear public policy, backed up by meaningful resources, to respond to bad actors that have been identified as responsible for cyber terrorism.”

FACT SHEET: White House Summit on Cybersecurity and Consumer Protection.

Updated Department of Homeland Security Cybersecurity Authority and Information Sharing.

Updated Law Enforcement Provisions Related to Computer Security

Updated Data Breach Notification