IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice

Info-Sharing Bills: What Happens Next?


As the House prepares to vote this week on two cyberthreat information sharing bills, their fates will rest as much on the White House's reaction to the proposals as on what happens in Congress.

The House Rules Committee on April 21 will consider amendments to both bills, the Protecting Cyber Networks Act that the Intelligence Committee approved on March 26 in a secret session and the National Cybersecurity Protection Advancement Act that the Homeland Security Committee passed unanimously on April 14. A vote by the full House is slated to occur on April 23 for the Intelligence Committee version of the bill and on April 24 on the Homeland Security version.


Before the floor votes take place, the White House could issue a Statement of Administration Policy, which provides the administration's view on whether President Obama should sign or veto the legislation. The administration usually issues SAPs after a committee approves the bill but before the full chamber votes on it.

Recalling CISPA

The House in the past two congresses had passed cyberthreat information sharing bills, both known as the Cyber Intelligence Sharing and Protection Act, or CISPA, and in each case the White House threatened a presidential veto. The administration, in both instances, contended the legislation failed to provide sufficient privacy and civil liberties safeguards for citizens' personal information while furnishing businesses with too broad liability protections when they voluntarily share cyberthreat information with the government and each other.

For the White House, the Intelligence Committee version of the information sharing bill could prove more problematic. It's closer to CISPA than is the Homeland Security Committee's version and has attracted the wrath of civil liberties and privacy advocates. The Protecting Cyber Networks Act would allow the sharing of citizens' information with intelligence agencies such as the National Security Agency and law enforcement.

On the other hand, the Homeland Security Committee's National Cybersecurity Protection Advancement Act incorporates language that explicitly states that sharing such information with intelligence and law enforcement agencies would be prohibited, except if it should help mitigate a cyber-attack. Some privacy experts contend that even with that proviso, some private information could find its way to intelligence and law enforcement agencies.

Added Privacy Protections

Still, the National Cybersecurity Protection Advancement Act has been amended to provide many more privacy and civil liberties protections to citizens than does the Intelligence Committee's bill. And both bills furnish businesses with broad liability protections that would extend such safeguards to companies even if they choose not to share cyberthreat information with the government. It's unclear whether changes that appear in these bills pass muster with the administration and address its concerns regarding privacy and civil liberties safeguards and business liability protections.

Businesses want those broad protections, and the Financial Services Roundtable, a banking industry lobbying group, has posted a Web advertisement, titled Stop Cyber Threats, calling on voters to lobby Congress to take swift action on cyberthreat sharing legislation.

It's likely, but not inevitable, that if the White House issues an SAP on the Protecting Cyber Networks Act, it would say that senior administration officials would recommend an Obama veto. As for the National Cybersecurity Protection Advancement Act, it's less clear what the White House will say. The committee members did meet many of the objections raised over CISPA regarding privacy and civil liberties protections, although the bill doesn't seem to meet the concerns raised about broad liability protection.

What Will Obama Do?

Remember, lawmaking involves compromise, and although the White House is not getting everything it seeks in a cyberthreat information sharing law, the legislation offers more of what Obama seeks than did CISPA, and the president might support it, perhaps conditionally.

Of course, the Senate has to take action as well.

On March 12, the Senate Intelligence Committee approved a bill more similar to the Protecting Cyber Networks Act from its House counterpart than the National Cybersecurity Protection Advancement Act offered by the House Homeland Security panel. Senate Majority Leader Mike McConnell, R-Ky., says he hopes to bring that measure up for a vote shortly, though he provided no specific timeframe.

Sen. Ron Wyden, D-Ore., the only Senate Intelligence Committee member who voted against the bill in committee, said last week that "a good group of senators" seeks to amend the measure to add privacy protection when it comes up for a vote before the entire Senate, according to The Hill.

Limits of Executive Order

Obama earlier this year issued an executive order to establish a process for businesses to share cyberthreat information through the Department of Homeland Security's National Cybersecurity & Communications Integration Center. But Obama on his own cannot provide businesses with the protection from legal actions for sharing cyberthreat information; that requires a new law enacted by Congress.

Passage of both House bills in the lower chamber is almost a certainty, and if - and that's a big if because the Senate never voted on a cyberthreat information sharing bill in the past two congresses - the upper chamber approves information sharing legislation, a conference between the House and Senate would iron out differences among the various measures, and produce a final bill. By then, the president's views on how far he'd compromise would be known, and a bill acceptable to the House, Senate and White House could become law.


Obama to sign executive order on cybersecurity info-sharing


President Obama on Friday plans to sign an executive order to promote sharing of information on cybersecurity threats among businesses and between the private sector and government agencies.

The executive order is meant to establish a framework to help those private and public entities quickly identify and protect against online threats by malicious hackers, including those in the employ of criminal organizations or foreign nations.

Companies that have committed themselves to that framework include Apple, Intel, Bank of America and Pacific Gas & Electric.

On Friday, the president will be at Stanford University for a summit on cybersecurity hosted by the White House that will bring together senior leaders in the government and CEOs from the financial, tech and computer-security industries.

Cybersecurity has come front and center for the administration. During his State of the Union address in January, for instance, the president proposed adding $14 billion to the 2016 budget to better protect government and corporate computer systems from hackers. He has also pushed for Congress to pass legislation to help shore up cybersecurity in the US.

And for good reason. Hacks on private businesses and government offices seemed rampant throughout 2014, with little reason to hope those attacks will abate in the coming year and beyond. Last month, the latest banner-headline incident involved the insurance provider Anthem, which revealed that hackers had broken into its computer systems and accessed the personal data of 80 million people. That followed from massive incursions at retailers Target and Home Depot and banking firm JP Morgan.

To even greater notoriety, hackers last November breached the computer network at Sony Pictures, spilling details of the inner workings of Hollywood studios and leading the way to an international incident over the comedy "The Interview." President Obama has pointed to North Korea as the likely culprit behind that cyber break-in.


Sony Hack a 'National Security Matter'


The White House says that it's treating the malware attack against Sony Pictures Entertainment and subsequent data leaks as a "national security matter." But the administration says it's too early in its investigation into the attack to definitively attribute the attacks to any particular group or nation state.

"This is something that's being treated as a serious national security matter," White House Press Secretary Josh Earnest told reporters in a Dec. 18 briefing. "There is evidence to indicate that we have seen destructive activity with malicious intent that was initiated by a sophisticated actor. And it is being treated by those investigative agencies, both at the FBI and the Department of Justice, as seriously as you would expect."

The hacker attack against Sony has reportedly included data theft and, on Nov. 24, wiper malware being used to erase Sony data. That's been followed by ongoing data leaks and other threats against Sony Pictures Entertainment and its employees.

Earnest says the ongoing attack "has also been the subject of a number of daily meetings that have been convened here at the White House," led by homeland security adviser Lisa Monaco and cybersecurity coordinator Michael Daniel and including representatives from intelligence, diplomatic, military and law enforcement agencies.

A group that calls itself the Guardians of Peace has claimed credit for the attack against Sony Pictures, including the leaks of stolen data, which has included top Sony Pictures executives' Outlook e-mail spools. After "G.O.P." launched its attacks and began leaking data, however, the group then claimed it would stop the data leaks if Sony canceled its forthcoming comedy "The Interview," which centers on a tabloid TV reporting team that gets approached by the CIA to assassinate Kim Jong-un, who heads the Pyongyang-based communist dictatorship that rules North Korea.

After G.O.P. published a "terror" threat against movie theaters, U.S. theater chains announced that they would not show the film. Subsequently, Sony announced that it would shelve "The Interview" indefinitely, which has sparked a further backlash against the already beleaguered movie and television studio.

Investigation Still 'Progressing'

In response to questions about whether North Korea launched or sponsored the Sony attack, Earnest said that while the investigation is "progressing," he was not yet able to comment on that question, Reuters reports. But he said that the administration "would be mindful of the fact that we need a proportional response," and cautioned that the people behind these types of malicious attacks were "often seeking to provoke a response."

"They may believe that a response from us in one fashion or another would be advantageous to them," Earnest said, for example, by focusing international attention on their agenda, or increasing their standing with peers.

Ken Westin, a security analyst at information security vendor Tripwire, says it is premature to attribute the Sony hack to any specific group or nation. "FBI notices have been sent out stating specifically no connection has been made and that the investigation is still under way," he says.

While the White House and FBI say it's too soon to blame the hack attack against Sony Pictures - which is a subsidiary of Japanese multinational conglomerate Sony - on any particular group or actor, other government officials have nevertheless been sharing their own theories with multiple media outlets. "We have found linkage to the North Korean government," a "U.S. government source" tells NBC News, which reports that the attack against Sony appeared to have been launched from outside North Korea. But no evidence was supplied that might confirm any supposed linkage to Pyongyang having participated in or ordered up the attacks.

Information security experts, meanwhile, have warned against reading too much into any supposed "linkage" between the Sony hack and North Korea, or the fact that unnamed government sources told the New York Times that North Korea was "centrally involved" in the attack against Sony, saying such suppositions have yet to be confirmed by the release of any supporting facts. In fact, security experts warn, the information being cited by unnamed government officials at times seems to contradict suggestions of Pyongyang involvement.

"People don't seem to be reading past the headline or first couple of paragraphs," says CEO and security expert Brian Martin, a.k.a. Jericho, in a blog post, referring to the New York Times report. "What seems like a strong, definitive piece falls apart and begins to contradict itself entirely halfway through the article."

Intelligence Not 100% Reliable

Furthermore, what one unnamed intelligence source believes may not square with another intelligence source, warns Jeffrey Carr, CEO of threat-intelligence sharing firm Gaia International. He says the intelligence community "is rarely unified when it comes to intelligence analysis; especially cyber-intelligence."

Carr and other security experts have also warned that whoever is sharing supposed Sony-related intelligence may also have a political agenda. "Cybersecurity has become an increasingly political topic thanks to recent NSA revelations and increased defense spending being allocated to cyber defense - and offense - not to mention issues of pirating, net neutrality, privacy and related topics, all of which the Sony breach touches on," Tripwire's Westin says.

Despite the lack of solid evidence that proves North Korea is responsible for the Sony attack, some commentators have been referring to the hack against Sony in military terms. Former Congressman Newt Gingrich, for example, claims that "with the Sony collapse America has lost its first cyberwar."

But security experts have cautioned against jumping to conclusions. "I've said it for a week, and I must say it again," Martin of says. "How about we wait for actual evidence. ... Remember, North Korea is the same country that threatened the U.S. with a nuclear missile earlier this year. They like to rattle their saber at everyone, but it doesn't mean they actually did anything."

Kyle Greene's curator insight, October 18, 2017 11:59 AM

Cyber Security is a growing concern among all companies in the Entertainment and Media industries. This article addresses the notion that the threat to companies' cyber security is so prominent that government agencies such as the White House and the FBI. I feel that this article is a reliable source because it is from a website hosted by Cyber Security workers, and authors who have first-hand experience in Cyber Security.

Obama recruits Apple, tech giants to reveal new slew of cybersecurity proposals


The federal government can't protect your cyber data by itself.

That's why President Obama is expected to unveil executive actions Friday designed to increase information sharing among private sector companies and federal law enforcement.

At a cybersecurity summit to be held on the Stanford University campus Friday, Obama will announce initiatives to form organizations that will gather, share and analyze information, as well as ease access to cybersecurity threat information for corporate entities. The executive order is also expected to enable the Department of Homeland Security (DHS) to better manage the flow of information into the government.

The administration says strengthening the federal government's capabilities is becoming increasingly necessary to protect American consumers.

"Cybersecurity and consumer protection are two sides of the same coin," Obama's economic adviser, Jeff Zients, said in a briefing with reporters. "When a company invests in strong cybersecurity, they are protecting not just their own networks, but in most cases their customers' information and security as well."

The White House is introducing these policies after several large-scale security hacks have claimed major corporate victims like retail giant Target and Anthem, America's second largest health care insurance provider. These breaches have put the personal information of millions of Americans at risk, compromising everything from addresses and birth dates to Social Security numbers.

But, as White House Cybersecurity Coordinator Michael Daniel admits, it's going to take more than just the government to patch these cybersecurity holes.

"No one can do this mission by themselves," Daniel said. "As you look at all the things we want to do to drive the growth in the digital economy, it's clearly something that has to be done in partnership with the private sector and the federal government."

So they're turning to Silicon Valley for help.

In the wake of recent cyber attacks, several private industry titans are expected to embrace these new measures.

Apple and Intel will be attending as the summit's big tech names, while several financial companies are also backing the administration's moves. MasterCard, AIG, and Bank of America are among those expected to have representatives at the summit.

Companies like Intel believe the Cybersecurity Framework (CSF) first outlined in February of 2014 is, in fact, a practical plan to implement.

"Now that we have tested the framework ourselves, we can say that it provides clear and demonstrable benefits," an Intel spokesperson said. "Given that the CSF focuses on risk management rather than compliance, we believe it has the potential to help transform cybersecurity on a global scale."

Intel further attempted to dispel fears with a white paper published Thursday titled "We Tried the NIST Framework and It Works."

But skepticism persists, especially from privacy hawks like the American Civil Liberties Union, who are particularly concerned with government overreach in cyberspace.

"It's not clear that we need to open the door wider," ACLU policy advisor Gabe Rottman told CBS News. The assertion is that Americans also need protection from the government.

"Information that identifies who we associate with--our financial activities, our healthcare information, information that identifies those aspects of our lives and then identifies us--that information needs to be stripped out unless it's necessary to address the cyber security threat. And the proposals for information sharing that have come out from both Congress and the White House don't sufficiently ensure that that happens," Rottman said.

In a nod to these concerns, White House Cybersecurity Coordinator Michael Daniel acknowledged that: "It is neither appropriate, nor would Americans want, for all network be carried out by the government. It's not even physically possible."

It's one of several steps the White House has recently taken to increase cybersecurity protections. Homeland Security Adviser Lisa Monaco announced Tuesday the creation of a new federal agency that will coordinate threat responses and intelligence across government entities. The Cyber Intelligence Integration Center is expected to facilitate investigations and "connect the dots" undertaken by the National Security Agency, the Federal Bureau of Investigation, and other intelligence operations.

Via Paulo Félix

Sony: N. Korea Warns of 'Consequences'


North Korea has denied the Obama administration's allegations that it launched the hack attack against Sony Pictures Entertainment and demanded that a joint investigation with the U.S. into the incident be launched. The secretive communist regime, based in Pyongyang, also promised there would be "grave consequences" if the United States failed to agree to the joint probe.

The North Korean demands follow the FBI on Dec. 19 reporting that its analysis of the Sony hack attack - based on the tools, infrastructure and techniques used - found that the attack had been launched by Pyongyang. But multiple information security experts have questioned that attribution and called on the bureau to publish detailed evidence to sustain those claims.

Some commentators have characterized the hack attack against Sony Pictures as an act of "cyberwar," although President Barack Obama has strongly dismissed such assertions. "I don't think it was an act of war," Obama told CNN in an interview that was taped Dec. 19. "I think it was an act of cyber vandalism that was very costly, very expensive. We take it very seriously. We will respond proportionately, as I said."

Obama suggested, for example, that North Korea might be added again to the State Department list of countries that sponsor terrorism. The country was first added to that list in 1987 after two of its agents blew up a South Korean airliner in mid-air, killing all 151 people aboard. In 2008, the country was removed from that list by the administration of former President George W. Bush, as part of denuclearization talks.

Sen. John McCain, R-Ariz., the incoming chairman of the Senate Armed Services Committee, has sought to define the Sony hack in stronger terms than Obama. "The president does not understand that this is the manifestation of a new form of warfare," McCain told CNN. "When you destroy economies and are able to impose censorship on the world ... it's more than vandalism, it's a new form of warfare." McCain says he plans to hold hearings on the hack-attack against Sony in the first two weeks after Congress reconvenes on Jan. 3, 2015.

Hack Tied To Film?

Following the FBI publishing its hack-attack attribution, President Obama promised in a Dec. 19 press conference that the U.S. would react "proportionately" to North Korea's actions. "They caused a lot of damage, and we will respond," he said. The hack attack appeared to have been sparked by Sony Pictures comedy "The Interview" - previously due for a Dec. 25 release - about a pair of tabloid TV reporters traveling to Pyongyang to interview dictator Kim Jong-un, who are approached by the CIA to kill him instead.

North Korea has responded to Obama's allegations by not only demanding the joint investigation, but with its National Defense Commission - led by Kim Jong-un - warning that the country's 1.1 million-strong army stands ready to fight the United States. "Our toughest counteraction will be boldly taken against the White House, the Pentagon and the whole U.S. mainland, the cesspool of terrorism, by far surpassing the 'symmetric counteraction' declared by Obama," the commission said in a statement provided to the state-sponsored Korean Central News Agency.

In recent days, the secretive communist regime has also threatened to increase its nuclear capabilities in response to an ongoing United Nations inquiry, which has recommended referring the country's leadership - including Kim Jong-un - to the International Criminal Court, to be tried for crimes against humanity.

Pyongyang previously demanded a joint investigation into the sinking of the South Korean navy ship Cheonan in 2010, in which 46 crew members died. South Korea rejected that request and assembled a team of international experts, who concluded that the ship had been sunk by a North Korean submarine's surprise torpedo attack.

Obama Criticizes Sony

Obama also said it had been a "mistake" for Sony to announce that it would cancel "The Interview" in response to threats from a group calling itself the "Guardians of Peace," which quickly claimed credit for the hack attack, which appeared to have begun as an extortion attempt with no connection to the film. After threatening Sony employees, the group subsequently issued a "terror" threat to all movie theaters and theatergoers that showed "The Interview." But "G.O.P." claimed it would cease leaking stolen Sony data if the entertainment firm canceled the film, which centered on a pair of tabloid TV reporters traveling to Pyongyang to interview Kim Jong-un, who are approached by the CIA to kill him instead.

In a statement uploaded Dec. 18 to text-sharing website Pastebin, meanwhile, G.O.P. revised its demand that "The Interview" never be released, saying "you have suffered through enough threats" and that the studio was now free to release the film, so long as it removed the Kim Jong-un death scene. "September 11 may happen again if you don't comply with the rules," it said.

Sony Pictures CEO Comments

In response to Obama's comments - and sustained criticism from numerous other politicians, entertainers and commentators - Sony Pictures chief executive Michael Lynton told CNN Dec. 19 that the studio had "not caved" to hackers. Rather, he said Sony was forced to shelve the movie, at least temporarily, when theaters said they would not show it. Reversing previous statements made by Sony officials, Lynton said Sony is now exploring other distribution options, including potentially releasing the film via Google's YouTube.

"We would still like the public to see this movie, absolutely," Lynton said. "There are a number of options open to us. And we have considered those, and are considering them." Sony has also hired a celebrity spin doctor to help it try to recover from the hack attack and negative publicity sparked by the contents of executives' leaked Outlook e-mail spools. Many industry watchers think that corporate parent Sony will sell Sony Pictures Entertainment - formerly known as Columbia Pictures and bought by Sony in 1989 - to rid itself of the ongoing public relations saga.

US-CERT Details Sony Wiper Malware

More information has now come to light on the malware that was used to attack Sony, via the U.S. Computer Emergency Response Team issuing an advisory Dec. 19 about a Server Message Block (SMB) worm that was recently used to target "a major entertainment company."

"This tool contains five components - a listening implant, lightweight backdoor, proxy tool, destructive hard drive tool, and destructive target cleaning tool," the alert warns. The worm spreads by brute-force guessing passwords for Windows SMB shares, and "phones home" to a command-and-control server every five minutes. The malware includes file-transfer capabilities, as well as the ability to overwrite a system's master boot record, which can make the system inoperable once rebooted.
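
As an added example (not part of the original article or the US-CERT advisory), the following Python looks in connection logs for the two network behaviors described above: a host contacting the same destination roughly every five minutes, and a burst of failed SMB logons from one source. The log format, addresses, function names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev


def build_sample_log():
    """Constructed sample events, not real telemetry.
    Assumed format: epoch_seconds,src_ip,dst_ip,dst_port,event"""
    lines = []
    # One workstation contacting one external host about every 300 s.
    for t in (0, 300, 601, 899, 1200, 1500):
        lines.append(f"{t},10.0.0.5,203.0.113.10,443,conn")
    # Ordinary, irregular traffic from another workstation.
    for t in (0, 40, 700, 760, 2000, 2010):
        lines.append(f"{t},10.0.0.7,198.51.100.20,443,conn")
    # Burst of failed SMB logons from 10.0.0.5 against several peers.
    for i in range(12):
        lines.append(f"{1600 + i * 2},10.0.0.5,10.0.0.{21 + i % 3},445,smb_logon_fail")
    # A user mistyping a password twice.
    for t in (100, 130):
        lines.append(f"{t},10.0.0.9,10.0.0.21,445,smb_logon_fail")
    return "\n".join(lines)


def parse_events(text):
    """Return (ts, src, dst, port, event) tuples, skipping malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5:
            continue
        ts, src, dst, port, event = parts
        try:
            events.append((int(ts), src, dst, int(port), event))
        except ValueError:
            continue
    return events


def find_beacons(events, period=300, tolerance=15, min_conns=5):
    """(src, dst) pairs whose connection gaps sit close to `period` seconds."""
    times = defaultdict(list)
    for ts, src, dst, _port, event in events:
        if event == "conn":
            times[(src, dst)].append(ts)
    hits = set()
    for pair, stamps in times.items():
        if len(stamps) < min_conns:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Regular timing: mean gap near the period and little spread.
        if abs(mean(gaps) - period) <= tolerance and pstdev(gaps) <= tolerance:
            hits.add(pair)
    return hits


def find_smb_bruteforce(events, window=60, threshold=10):
    """Sources with at least `threshold` failed SMB logons inside `window` s."""
    fails = defaultdict(list)
    for ts, src, _dst, port, event in events:
        if port == 445 and event == "smb_logon_fail":
            fails[src].append(ts)
    hits = set()
    for src, stamps in fails.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                hits.add(src)
                break
    return hits


def hosts_showing_both(events):
    """Sources that both beacon and generate an SMB logon-failure burst."""
    beaconing = {src for src, _dst in find_beacons(events)}
    return beaconing & find_smb_bruteforce(events)


if __name__ == "__main__":
    print(sorted(hosts_showing_both(parse_events(build_sample_log()))))
```
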
