Business Roundtable backs CISPA approach to cybersecurity
Influential association of CEOs says threat information sharing key to securing critical infrastructure, but rejects new rules
Computerworld - A cybersecurity proposal released Wedneday by the influential Business Roundtable supports many of the provisions contained in the controversial Cyber Intelligence Sharing and Protection Act (CISPA) that was passed by the U.S. House of Representatives last year.
The roundtable's 32-page report rejects new federal cybersecurity regulations and instead espouses a more self-regulatory approach in which private industry will work with the government to secure the nation's critical assets against cyberthreats.
The Business Roundtable represents the CEOs of hundreds of leading U.S. companies from virtually every major industry including critical infrastructure areas such as oil, gas, financial services, telecom and the power sector. The association claims that its members generate a combined $7.3 trillion in annual revenues and employ nearly 16 million employees worldwide.
This is the first time that the BRT has issued such detailed recommendations for cybersecurity and the proposals contained in its report are sure to be welcomed by supporters of the largely Republican-backed CISPA bill.
The CISPA bill is somewhat at odds with a White House backed Senate bill called the Cybersecurity Act of 2012 which calls for a more regulatory approach to address cybersecurity risks in critical infrastructure. That bill died in Congress last year, prompting the White House to announce that it would issue a cybersecurity executive order for protecting critical assets.
Like the CISPA bill, the roundtable's proposal too advocates a two-way information sharing approach in which private sector companies and government agencies such as the DHS and the National Security Agency will share cyber threat information and intelligence with each other. The goal of such information sharing is to enable quicker detection and mitigation of emerging threats against critical infrastructure targets. Private companies have long maintained that such threat information sharing is essential to their ability to fight cyberthreats.
However, several privacy advocates, rights groups and even lawmakers have expressed concern over large-scale information sharing between the government and private sector, even if it is meant to bolster security. They are concerned it would allow the government to snoop on and collect an unprecedented amount of information on Internet users under the pretext of cybersecurity.
In addition to enabling information sharing, the government also needs to take the lead in developing new collaborative threat-based risk management and mitigation strategies, the Business Roundtable said in its report.
The association's report called on the government to take the lead in identifying the most severe risks and consequences of a cyberattack in specific sectors. Based on the threat information provided by the government. Companies will then work to identify high-risk assets and collaborate with the government on ways to address those risks. As part of that effort, roundtable-affiliated companies will make any technology and process changes that may be needed to bolster cybersecurity, the report noted.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Mobile Applications Case Study: 8 Billion Transactions a Day The story documents how the online brokerage company tradeMONSTER created a custom mobile app and the success gleaned from this initiative. Also covered...
- Who's afraid of the big (data) bad wolf? Survive the big data storm by getting ahead of integration and governance functional requirements This paper provides a detailed review of the best practices clients should consider before embarking on their big data integration projects.
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources... All Cybercrime and Hacking White Papers | Webcasts