It’s sad to say but governments and businesses don’t seem to be winning the cyber security war. These criminals are becoming so sophisticated that it’s starting to look like an NFL team playing against a high school football squad. Today 80 to 90 million cyber security attacks are launched annually and only 30% are detected. As hackers become more persistent and successful, organizations of all sizes are struggling to defend their infrastructures, customers and private data.
Let's dive into what the Cybersecurity Information Sharing Act (CISA) is all about and how it could effect you.
If there’s one thing that governments and businesses can agree on, things have to change if we want to eliminate these threats on a permanent basis. As a result, the government is stepping in with an effort to help change the big picture. Now, a new law is in the works—the Cybersecurity Information Sharing Act (CISA), which passed through the Senate on October 27, 2015.
Of course the first question everyone is asking —how much will it really help?
As far as laws go, the CISA proposal is actually fairly simple. In an effort to improve cyber security, CISA gives private companies a system for sharing information with the federal government as it pertains to cyber protection. Threat information can then be shared with the Department of Homeland Security, the FBI or NSA for further investigation.
CISA prevents any personally identifiable information (PII) from being shared and mandates that data can be shared and used for security purposes only. The hope is that CISA will enable businesses and governmental agencies to work together to change the dreary cyber security picture—but it’s not without opposition.
Opponents of CISA point out the privacy concerns regarding a company deciding to share information when customers have not been given the chance to approve it. Privacy concerns have led to over a year of debate over the bill, but there’s a bigger question at hand—will CISA even help the cyber security outlook?
There is a lot of debate surrounding the effectiveness of CISA from a defense perspective. In fact, the Princeton Center for Information Technology Policy makes a good point saying that this bill will fail to encourage companies to improve their cyber security defenses if they can just send their data to the government. But do they have the data they need to make it worthwhile? Clearly, companies must be missing something or there wouldn’t be so many breaches to discuss.
In truth, many companies just don’t have the level of visibility they need to see the whole threat. It’s mainly because their security solutions aren’t seeing 100% of a network’s traffic so they can’t fully characterize the attacks lobbied against them. Too many companies are still using SPAN ports to connect their security appliances, opening the door for dropped packets and insufficient visibility. Additionally, companies need to have a process in place to understand their baseline traffic, ie. “what is normal?” Because they then can ‘see’ what is NOT normal or possible aberrant behavior. Once a total picture of the network is visible, traffic then they can relate a more valuable well of information to share with others.
Privacy concerns aside, shared information could be the key to stopping cyber threats in their tracks. After all, cyber criminals communicate underground and collaborate to improve their attacks. It makes sense for companies to stop thinking they can combat cyber crime on their own. However, before everyone starts sharing information, more needs to be done to ensure network traffic visibility. And the only reliable way for security appliances to see 100% of traffic is with properly connected network TAPs.
Protect your company’s assets by implementing the right network design in your security projects, download Garland Technology’s guide, Optimizing Network Design in Security Projects.