Cumbersome regulations and red tape will likely undermines the United States government’s efforts to use information-sharing as a means to contain or prevent cyber breaches, according to a new study.
The study shines doubt on the wisdom of the Cybersecurity Information Sharing Act (CISA), a controversial cybersecurity bill currently making its way through Congress.
CISA would allow for greater sharing of cyber-threat data between private companies, like Facebook or Google, and the U.S. government. The bill’s co-sponsors say CISA will help bolster cybersecurity in both government and business, but privacy advocates worry that Internet users’ personal information will be used for purposes far beyond that scope.
Intelligence shared through a government exchange is only somewhat effective or not effective at all when it comes to cyberattacks, according to 57 percent of federal IT employees and 70 percent of state and local IT workers polled by the Ponemon Institute.
Sponsored by HP, the study found that negligence on the part of government employees is the leading security threat (44 percent), followed by unknown software vulnerabilities (36 percent), the study found. Government contractors also play a major role in many security breaches, according to 36 percent of respondents.
Conducted in July, the survey, which found the government lacks the ability to share crucial information in a timely manner, polled 443 IT employees on the federal level, and 402 IT employees from state and local agencies.
Larry Ponemon, founder of the Ponemon Institute, told NextGov: “When you look at large organizations like government enterprises, you are dealing with bureaucracy, and information that really should be shared doesn’t get shared quickly enough or it gets filtered. It basically gets stopped.”
Federal legislation that would create a new cyber-threat information exchange between the government and private sector, as CISA would, is being oversold, according to a dozen speakers at this year’s Senior Executive Cyber Security Conference, Computerworld reports.
Robyn Greene, policy counsel of the New America Foundation’s Open Technology Institute, echoed the concerns of many digital-rights groups, who feel the Obama administration’s attempts to encourage data sharing will only expose more Americans to cyber threats.
“Unfortunately, the bills incentivize oversharing,” Greene said. “They don’t protect [personally identifiable information] once it gets to other companies or the government.”
Greene says she also worries that “too much of [the data] will be used for investigations on things that have nothing to do with cybersecurity.”
H/T NextGov | Illustration by Max Fleishman