institutions have an evolving responsibility “thatFinancial extends beyond protecting our own infrastructure; we must now serve as educators to teach our customers, especially businesses, how to identify and avoid digital threats. The best way we can strengthen our cyber defenses is to arm our consumers with up-todate knowledge of potential schemes. Pat Rourke
Pat Rourke, Phoenix market president, Bankers Trust
he internet has made us more connected than at any time in history. But with that connection comes an increased need to secure cyberspace to protect our way of life, experts insist. Cyber attackers and criminals exploit vulnerabilities to steal information and money, and the number of cyber attacks against United States companies continues to grow in frequency and severity. Recent cyber attacks include Anthem Blue Cross and Blue Shield, United Airlines and American Airlines. Cyber attacks and hacks cost the average American company $15.4 million per year, double the global average, Michael Kelly according to an October 2015 report by Hewlett Packard and the Ponemon Institute. According to the Department of Homeland Security, cyberspace is diﬃcult to secure due to a number of factors: • The ability of malicious actors to operate from anywhere • The linkages between cyberspace and physical systems • The diﬃculty of reducing Chuck Matthews vulnerabilities and consequences in complex cyber networks In an age where computer hacks are common and the need for privacy is greater than ever, we have found a debate. How do we balance keeping people and businesses secure while protecting their privacy?
PROPOSED LEGISLATION To combat cybercrime, the U.S. Senate passed legislation aimed at strengthening the country’s cyber
defenses by protecting companies that share cyber threat data with the government. The Cybersecurity Information Sharing Act of 2015 (CISA) would expand liability protections to companies that choose to voluntarily share cyber threat data with the government. Additionally, under consideration in Congress are House-originated bills that include the Protecting Cyber Networks Act and the National CyberSecurity Protection Advancement Act of 2015. Both modify past legislation. The CISA calls for the director of National Intelligence, the Department of Homeland Security, the Department of Defense and the Department of Justice to develop and communicate procedures for creating information sharing on cybersecurity threats, said Chuck Matthews the chairman and CEO of WGM Associates, a local provider of consulting, managed IT services, managed security services and application development.
ADVOCATES The Senate bill is designed for companies to share cybersecurity threat data with the Department of Homeland Security, who could then pass it on to other agencies like the FBI and NSA, who would use the information to defend the target company and others facing similar attacks. Advocates claim that sharing threat information can facilitate a more eﬀective protection of information systems. Often, private-sector companies express unwillingness to share information due to concerns about legal liability. “The proposed legislation would give businesses legal certainty that they have safe harbor against frivolous lawsuits when voluntarily sharing,” Matthews said.
OPPONENTS “The problem is that no one trusts anybody,” said Russell Smoldon, CEO of B3 Strategies, a government policy and public relations firm. Some feel like it gives the government too much power and strips away people’s privacy, Smoldon said. Opponents say the legislation does not do enough and could allow the government to snoop even more. They AB | January - February 2016