U.S. companies shouldn’t wait for Congress before taking action to address cybersecurity, top intelligence officials said at a Jan. 5 Senate hearing.
Cybersecurity threats are real and demand immediate attention from companies as well as the federal government, Director of National Intelligence James R. Clapper Jr.; Under Secretary of Defense for Intelligence Marcel J. Lettre II; and Chief of U.S. Cyber Command, Director of the National Security Agency and Chief of Central Security Services Michael S. Rogers told the Senate Armed Services Committee.
The U.S. Senate Committee on Armed Services hearing focused mainly on Russia’s alleged involvement in hacks that attempted to sway the 2016 presidential election. Immediately after the hearing, panel Chairman John McCain (R-Ariz.) told reporters that in a broad sense the Russian intrusions were an “act of war.”
The intelligence officials said private-public partnerships to address cybersecurity are essential.
Laura E. Jehl, partner at Sheppard, Mullin, Richter & Hampton LLP in Washington and co-leader of the firm’s Privacy and Cybersecurity Practice, told Bloomberg BNA Jan. 5 that although companies shouldn’t rely on the U.S. government for cybersecurity preparedness, “there’s a role for public private partnerships.” The recent Joint Analysis Report detailing tools allegedly used by the Russian government-sponsored hackers is a “great example of private-public information sharing that benefits everyone.”
Rogers and Clapper expressed concerns over cybersecurity workforce issues, saying that the lack of high-end professionals may be hurting U.S. cybersecurity preparedness in both the public and private sectors.
Even with the loss of some of the cybersecurity workforce to the private sector, the government should still share information with the private sector to help combat foreign cyberattacks.
A hallmark of private-public partnerships is cybersecurity information sharing programs, which the U.S. implemented in December 2015 as part of the Cybersecurity Information Sharing Act (CISA). CISA protects companies that share cybersecurity threat indicators or defensive measures with the government. Under CISA, private entities that “promptly” share their data with the government are granted immunity from any public or private cause of action.
Kendall C. Burman, cybersecurity and data privacy counsel at Mayer Brown LLP in Washington, told Bloomberg BNA Jan. 5 that private-public partnerships “and information sharing are pieces” of the cybersecurity puzzle. There’s no “question that the private sector must lean forward on cybersecurity and that the government has a critical role as well,” she said.
The important question going forward is how the U.S. government and private industry “can work together to be most effective and what needs to happen to better understand their respective roles” in cybersecurity preparedness, detection and prevention, Burman, who previously served in the Obama administration, said.
Bill Wright, director of government affairs and senior policy counsel at cybersecurity company Symantec Corp., told Bloomberg BNA Jan. 5 that private-public partnerships and information sharing are helpful to stop foreign cyberattacks, but raised concern that some companies may rely on congressional action for assistance. While assistance may be helpful, especially for small businesses, companies shouldn’t “rely entirely on the government because no government in this world can completely stop this threat,” he said.
If there is a “silver bullet to cybersecurity” it will probably come from private-public partnerships, Wright said.
Recent statements made by the Trump administration disparaging the intelligence community’s report on the alleged Russian hacking may be hurting the U.S.'s ability to hire a competent cybersecurity workforce.
Rogers said at the hearing that private and public sectors need enhancements to the cybersecurity workforce. Clapper also raised concerns that Trump’s statements about the U.S. intelligence community are leading to the “high-end cybersecurity workforce” leaving the government for the private sector.
Wright said that the U.S. government has been doing a better job “over the last year or so to sweeten the pot” to attract cybersecurity professionals. Hopefully the government can fill these roles to better enhance government cybersecurity protection.
Jehl agreed that the government’s cybersecurity outlook isn’t as bleak as Rogers and Clapper made it seem. The U.S. “has tremendous resources which can be brought to bear to identify the source of cyberattacks and to educate others who may be at risk,” she said. This is beneficial to both the private and public sectors, she said.
To contact the reporter on this story: Daniel R. Stoller in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Donald Aplin at email@example.com
Further information on the hearing is available at http://www.armed-services.senate.gov/hearings/17-01-05-foreign-cyber-threats-to-the-united-states.
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.