Podcasts about Cybersecurity Information Sharing Act

  • 17 podcasts
  • 22 episodes
  • 25m average duration
  • 1 new episode monthly
  • Latest episode: May 16, 2025


Latest podcast episodes about Cybersecurity Information Sharing Act

The CyberWire
Preparing for the cyber battlespace.

May 16, 2025 (40:21)


NATO hosts the world's largest cyber defense exercise. The DOJ charges a dozen people in a racketeering conspiracy involving the theft of over $230 million in cryptocurrency. Japan has enacted a new Active Cyberdefense Law. Lawmakers push to reauthorize the Cybersecurity Information Sharing Act. Two critical Ivanti Endpoint Manager Mobile vulnerabilities are under active exploitation. Hackers use a new fileless technique to deploy Remcos RAT. The NSA's Director of Cybersecurity hangs up their hat. Our guest is Christopher Cleary, VP of ManTech's Global Cyber Practice, discussing the cyber battlespace of the future. Coinbase flips the script on an extortion attempt.

CyberWire Guest: Joining us on our Industry Voices segment, Christopher Cleary, VP of ManTech's Global Cyber Practice, talks about the battlespace of the future.

Selected Reading
  • NATO's Locked Shields Reflects Cyber Defense Growth (SecurityWeek)
  • US charges 12 more suspects linked to $230 million crypto theft (Bleeping Computer)
  • Japan enacts new Active Cyberdefense Law allowing for offensive cyber operations (The Record)
  • Lawmakers push for reauthorization of cyber information sharing bill as deadline looms (The Record)
  • Ban sales of gear from China's TP-Link, Republican lawmakers tell Trump administration (The Record)
  • Scammers are deepfaking voices of senior US government officials, warns FBI (The Register)
  • Multiple Ivanti Endpoint Mobile Manager Vulnerabilities Allows Remote Code Execution (Cyber Security News)
  • Updated Remcos RAT deployed in fileless intrusion (SC Media)
  • NSA cyber director Luber to retire at month's end (The Record)
  • Coinbase offers $20 million bounty after extortion attempt with stolen data (The Record)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Federal Newscast
New cybersecurity law updates may be on the way

May 12, 2025 (6:06)


The House Permanent Select Committee on Intelligence is considering updates to a key cybersecurity law. The Cybersecurity Information Sharing Act of 2015 expires this September. The intelligence committee last week received briefings from multiple agencies on how the law has worked out so far. The statute incentivizes private industry to share cyber threat data with the government. But Intelligence Committee Chairman Rick Crawford says the law needs to be updated to account for a decade of evolving technology and cyber threats.

Federal Drive with Tom Temin
What might change in a CISA 2015 reauthorization

May 9, 2025 (8:52)


The Cybersecurity Information Sharing Act passed on a bipartisan basis a decade ago. But to get consensus, a lot of provisions got left behind. Now it's time to reauthorize, and with that comes the opportunity to modernize and fix the original provisions. Here to discuss whether, and how, Congress might move forward is Megan Brown, partner at Wiley Rein.

The Gate 15 Podcast Channel
Weekly Security Sprint EP 105. Hurricane forecast, Vehicle ramming study, and more

Apr 1, 2025 (20:52)


In the latest Security Sprint, Dave and Andy covered the following topics:

Warm Start:
  • Sen. Markey, Rep. Schakowsky Introduce Legislation To Protect Clean Water And Wastewater Utilities
  • AMWA endorses legislation to encourage WaterISAC participation
  • FS-ISAC Releases Guidance On The Future State Of Generative AI In Financial Services
  • Senate Intelligence Committee: 03/25/2025 - 10:00am, Open Hearing: Worldwide Threats (complete hearing available here)
  • 2025 Annual Threat Assessment of the U.S. Intelligence Community
  • ODNI: 2025 Annual Threat Assessment Of The U.S. Intelligence Community & Download the report.

Main Topics:

Severe Weather
  • AccuWeather - Dynamic hurricane season predicted for Atlantic in 2025
  • Noem says she plans to 'eliminate FEMA'
  • Ranking Members Thompson & Kennedy: Trump Administration Continuing to Call for Elimination of FEMA and Play Politics with its Workforce Will Cost Lives
  • US GAO - Disaster Assistance: Improving the Federal Approach
  • Sessions Announces Hearing on FEMA Reform Opportunities, Recovery Efforts in North Carolina. March 26, 2025, 10:00 a.m. ET
  • Powerful earthquake rocks Myanmar and Thailand, killing at least 3 in Bangkok high-rise collapse
  • Deaths from devastating earthquake in Myanmar climb past 1,700

Vehicle Ramming & Terrorism
  • Into the Crowd: The Evolution of Vehicular Attacks and Prevention Efforts
  • UK NPSA: Considerations for Temporary Vehicle Security Barriers; Last Updated 20 March 2025
  • CSIS: Global Terrorism Threat Assessment 2025

North Korean Worker Threats
  • How To Proactively Mitigate The DPRK IT Worker Employment Scam
  • The North Korea worker problem is bigger than you think

Quick Hits:
  • Oracle customers confirm data stolen in alleged cloud breach is valid
  • Oracle Health breach compromises patient data at US hospitals
  • Oracle attempt to hide serious cybersecurity incident from customers in Oracle SaaS service
  • Oracle has reportedly suffered 2 separate breaches exposing thousands of customers' PII
  • Scammers Entice U.S. Taxpayers With Fund Recovery Services on Facebook, TikTok
  • No MFA? Expect Hefty Fines, UK's ICO Warns
  • Exclusive: Secretive Chinese network tries to lure fired federal workers, research shows
  • A sweeping cyber law's long road to renewal — The 2015 Cybersecurity Information Sharing Act is set to expire this September.
  • IngressNightmare: 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in

The CyberWire
Breaking the information sharing barrier.

Sep 16, 2024 (24:45)


Rick Howard, N2K CyberWire's Chief Analyst and Senior Fellow, turns over hosting responsibilities to Errol Weiss, the Chief Security Officer (CSO) of the HEALTH-ISAC and one of the original contributors to the N2K CyberWire Hash Table. He will make the business case for information sharing.

References:
  • White and Williams LLP, Staff Osborne Clarke LLP, 2018. Threat Information Sharing and GDPR [Legal Review]. FS-ISAC.
  • Senator Richard Burr (R-NC), 2015. S.754 - 114th Congress (2015-2016): To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes [Law]. Library of Congress.
  • Staff, n.d. National Council of ISACs [Website]. NCI.
  • Staff, 2020. Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015 [Guidance]. CISA.
  • Staff, 2023. Information Sharing Best Practices [White paper]. Health-ISAC.

The Gate 15 Podcast Channel
Weekly Security Sprint EP 49. ISAC news, weather impacts, plus your dose of cyber and physical security news

Jan 15, 2024 (27:47)


In this week's Security Sprint, Dave and Andy covered the following topics.

ISAC Exciting Announcements!
  • Tribal-ISAC joins National Council of ISACS for cyber security, information sharing
  • Japanese Auto-ISAC and Auto-ISAC Formalize Agreement to Enhance Vehicle Cybersecurity

Severe Weather Awareness
  • Iowa Caucus Impacts
  • Texas "Freeze"
  • Buffalo Bills great stadium dig-out

Main Topics

School Data Base Leak.
  • https://www.wired.com/story/us-school-shooter-emergency-plans-leak/

SEC X Compromise.
  • SEC account hack renews spotlight on X's security concerns
  • US SEC says breach of its X account did not lead to breach of broader SEC systems
  • A Hacker's Perspective: Social Media Account Takeover Prevention Guide

Scams.
  • https://news.trendmicro.com/2024/01/12/fake-apple-and-capital-one-notifications-top-scams-of-the-week/

Physical Threats.
  • Malicious Actors Threaten U.S. Synagogues, Schools, Hospitals, and Other Institutions With Bomb Threats, 12 Jan. "Since 8 December 2023, the FBI has opened investigations on more than 100 separate threats targeting more than 1,000 institutions in 42 states and the District of Columbia."
  • New FB-ISAO Newsletter! FB-ISAO Newsletter, v6, Issue 1.
  • US, UK launch retaliatory strikes against Houthis in Yemen
  • Protests erupt outside Yemen Mission in NYC to condemn US attacks on Houthi rebels — some protesters attacking couple holding Israeli flag: 'Long live Hamas, you piece of s–t!'
  • Joint Statement from the Governments of Australia, Bahrain, Canada, Denmark, Germany, Netherlands, New Zealand, Republic of Korea, United Kingdom, and the United States
  • Statement from President Joe Biden on Coalition Strikes in Houthi-Controlled Areas in Yemen
  • Statement by Secretary of Defense Lloyd J. Austin III on Coalition Strikes in Houthi-Controlled Areas of Yemen
  • Background Press Call by Senior Administration Officials and Senior Military Official on Developments in the Middle East
  • Houthi rebels say US will pay a 'heavy price' for strikes that killed 5, injured
  • Lulzsec Hacktivists Leak American Bank Logins in Protest Against Yemen Airstrikes
  • Moscow Blasts U.S.-British Strikes in Yemen
  • Who Are the Houthis and Why Did the US and UK Launch Strikes on Them?

Quick Hits
  • FBI arrests Florida man accused of threatening 'mass casualty event'
  • American intel officials warn of risk of Hezbollah attacking U.S.
  • Ivanti Vulnerabilities.
      • Ivanti Blog Post: Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
      • CISA Adds Two Known Exploited Vulnerabilities to Catalog
      • CERT-NZ: Vulnerabilities in Ivanti Connect gateways actively exploited
      • Canadian Centre for Cyber Security Ivanti security advisory (AV24-020)
      • Ivanti warns of Connect Secure zero-days exploited in attacks
      • Ivanti customers urged to patch vulnerabilities allegedly exploited by Chinese state hackers
      • Cutting Edge: Suspected APT Targets Ivanti Connect Secure VPN in New Zero-Day Exploitation.
      • Canadian Centre for Cyber Security Ivanti Connect Secure and Ivanti Policy Secure gateways zero-day vulnerabilities
      • Risky Biz News: Chinese APT exploits two Pulse Secure zero-days
      • Ivanti Zero-Day Vulnerabilities (CVE-2023-46805 and CVE-2024-21887)
      • State-backed hackers are exploiting new Ivanti VPN zero-days — but no patches yet
      • Zero-Day Exploitation of Ivanti Connect Secure and Policy Secure Gateways
  • Hundreds of Thousands of Dollars Worth of Solana Cryptocurrency Assets Stolen in Recent CLINKSINK Drainer Campaigns
  • The vulnerability forecast for 2024
  • WEF: Global Cybersecurity Outlook 2024
  • Joint Report on the Implementation of the Cybersecurity Information Sharing Act of 2015

Advancing Health
Am I Protected?: Sharing Cyber Threat Information Between the Government and Private Sector

Jul 5, 2023 (27:55)


The Cybersecurity Information Sharing Act of 2015 was Congress' fix to the confusing statutes that regulated the cyber threat information that could pass between the private sector and the federal government. Eight years later, many people still don't know the law exists or what a valuable tool it can be. In this episode, guest Leonard Bailey, head of Computer Crime and Intellectual Property Section's Cybersecurity Unit with the Department of Justice, explores the Cybersecurity Information Sharing Act and its benefits.

Advancing Health
Reducing cyber risks that threaten patient safety and care delivery with CENSINET

Dec 7, 2022 (18:33)


“We want to make sure that every provider has the ability to protect itself and its patients, and not have to worry about budgets or funding to do the right thing.” Those words from a leading health care cybersecurity expert are music to the ears of hospital and health system leaders whose systems have been the target of criminal cybersecurity intrusions, both attempted and successful. So, how can providers achieve this higher level of safety from cyber-attacks? In this episode we are joined by Ed Gaudet, founder of Censinet, one of the AHA's carefully vetted Preferred Cybersecurity Providers. Gaudet is an expert of many years in the field. In addition to leading his company, he is active on a government task force established by the Cybersecurity Information Sharing Act of 2015 whose mission is to improve cybersecurity in health care. Along the way, Ed crossed paths with John Riggi, AHA's National Advisor for Cybersecurity and Risk. In this podcast, John and Ed discuss how Censinet's approach to cybersecurity can help members, regardless of size or budget, to reduce the cyber risks that threaten patient safety and care delivery.

Canadian Government Executive Radio
Cloud: Shared Responsibility Model - an interview with Coleman Mehta, Palo Alto Networks

Jul 2, 2019 (15:01)


Governments around the world are increasingly relying on cloud-based IT services to fulfill their technology needs, so it is therefore vital to ensure that policymakers account for the “shared responsibility” in the cloud. That is, while cloud service providers secure the infrastructure of the cloud itself, data owners must secure their information within the cloud and across a comprehensive network ecosystem, ensuring consistent visibility and security across the entire network. Now as the cost of computing continues to decline, digital adversaries are able to conduct increasingly automated, successful attacks at minimal cost. Network defenders, on the other hand, are generally relying on legacy security technologies to manually defend against these automated, machine-generated attacks. Incorporating AI and automated machine learning into cybersecurity capabilities provides a strong tool for identifying cyber threats and preventing successful attacks.  In the show today, J. Richard Jones talks with Coleman Mehta, Senior Director, U.S. Policy, Palo Alto Networks, about these two important topics that are transforming the cybersecurity industry: cloud computing and AI. Hear about some of the unique challenges that both public and private sector organizations face when securing the cloud. What is the Shared Responsibility Model and what should organizations consider when developing a modern cybersecurity strategy? How can organizations stay ahead of the cyberthreats as the volume and sophistication of attacks continues to rise? What role does AI play in today’s cybersecurity and how is Palo Alto Networks helping customers – both in the public and private sector – identify and prevent cyberthreats?  Coleman Mehta serves as Senior Director, U.S. Policy, Palo Alto Networks. In this role, he is responsible for the company’s engagement on public policy issues such as cybersecurity and data privacy, IT modernization, cloud computing, high-skilled immigration, and more. 
Coleman previously worked as a career civilian U.S. government official at the White House National Security Council, serving as Director for Legislative Affairs. He led the NSC's legislative strategy on cybersecurity and technology issues – including encryption policy and data privacy – plus other homeland security, intelligence, and foreign policy issues. Prior to his tenure at the White House, Coleman worked at the U.S. Department of Homeland Security, leading the Department’s negotiations with Congress on several high-profile cybersecurity bills, including the Cybersecurity Information Sharing Act, Federal Information Security Modernization Act, and National Cybersecurity Protection Act.  A security fellow of the Truman National Security Project and former Presidential Management Fellow, Coleman was named a 2018 “Tech Titan” by Washingtonian magazine. He holds degrees from North Carolina State University, the University of Virginia, and Bard College at Simon’s Rock. To learn more about Palo Alto Networks, go to https://www.paloaltonetworks.com.

The Cyberlaw Podcast
Episode 224 with Duncan Hollis: Do We Need an International “Potluck” Cyber Coalition?

Jul 2, 2018 (48:35)


In our 224th episode of The Cyberlaw Podcast, Stewart Baker interviews Duncan Hollis regarding his and Matthew Waxman’s paper, “Promoting International Cybersecurity Cooperation: Lessons from the Proliferation Security Initiative (PSI).” Stewart and Duncan are joined by Maury Shenk, Christopher Conte, Jamil Jaffer (@jamil_n_jaffer), and Laura Hillsman to discuss: California’s new privacy law; SEC charges a second Equifax manager with insider trading; White House draws a line in the sand over ZTE in statement of administration policy – but not veto threat, and the president decides only to beat up Chinese investments once; serious problems in the USA Freedom Act record system; facing reality, Reality pleads; kind of a sad showing for Cybersecurity Information Sharing Act’s information-sharing provisions; The Intercept continues to pioneer relevance-free journalism; trust in social media is collapsing, especially among Republicans, who (remarkably) also think tech companies need more regulation. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

National Security Law Today
What is US cybersecurity policy without a cyber coordinator? with Paul Rosenzweig

Jun 21, 2018 (31:13)


The black letter law and articles discussed in this episode:
  • John Bolton gets rid of the “cyber czar” position in the NSC on Lawfare https://www.lawfareblog.com/boltons-magnificent-idea-nix-white-house-cyber-czar
  • Cyber czar removal article on Ars Technica https://arstechnica.com/tech-policy/2018/05/trump-closes-job-opening-for-cyber-czar-raising-protests-from-congress/
  • Senator King and Senator Lankford question the intelligence community on cyber preparedness http://transcripts.cnn.com/TRANSCRIPTS/1802/13/ath.01.html
  • Correction: The National Protection and Programs Directorate (NPPD) at DHS https://www.dhs.gov/national-protection-and-programs-directorate
  • NIST Cybersecurity Framework 1.1 https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
  • Cybersecurity Information Sharing Act of 2015 https://www.dni.gov/index.php/ic-legal-reference-book/cybersecurity-act-of-2015
  • OPM hack https://www.lawfareblog.com/why-opm-hack-far-worse-you-imagine
  • Hidden Cobra alert https://www.us-cert.gov/ncas/alerts/TA18-149A
  • Proof of concept of a car hack https://www.wired.com/story/car-hack-shut-down-safety-features/
  • Ukrainian Power Grid hack https://ics.sans.org/media/E-ISAC_SANS_Ukraine_DUC_5.pdf
  • Bowman Dam, Rye Brook, New York SCADA system hacked https://www.nytimes.com/2016/03/26/nyregion/rye-brook-dam-caught-in-computer-hacking-case.html

Paul Rosenzweig is a senior advisor at the Chertoff Group, a lecturer at George Washington University Law School and a senior fellow at the R Street Institute https://www.rstreet.org/team/paul-rosenzweig/
Paul’s Lawfare feed: https://www.lawfareblog.com/contributors/prosenzweig
Follow Paul on Twitter: https://twitter.com/@RosenzweigP

Federal Drive with Tom Temin
Recruiting technology experts as Congressional Innovation Fellows

Sep 12, 2017 (9:38)


From the DATA Act to the Cybersecurity Information Sharing Act, Congress finds itself involved in details of technology policy. Yet few professional staff members on Capitol Hill have formal technology backgrounds to help draft that legislation. A group called TechCongress is trying to address that problem by recruiting technology experts as Congressional Innovation Fellows. The program, now in its third year, is actively looking for candidates for the 2018 fellowship program. Travis Moore is the founder and director of TechCongress. He talked with Federal News Radio's Jared Serbu about the fellowship, and how it got started.

National Security Law Today
Private Practice and Public Service with Raj De

Sep 7, 2017 (31:11)


Raj De is a partner at Mayer Brown, www.mayerbrown.com

The black letter law discussed in this episode is:
- Executive Order 13636 -- Improving Critical Infrastructure Cybersecurity identifies "Section 9" critical infrastructure organizations https://obamawhitehouse.archives.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity
- The European Union General Data Protection Regulation http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC
- The Foreign Intelligence Surveillance Act (FISA) amended 2008 https://www.congress.gov/110/plaws/publ261/PLAW-110publ261.pdf
- Committee on Foreign Investment in the United States (CFIUS) https://www.treasury.gov/resource-center/international/Pages/Committee-on-Foreign-Investment-in-US.aspx
- 9/11 Commission https://www.9-11commission.gov/
- Cybersecurity Information Sharing Act https://www.congress.gov/114/bills/s754/BILLS-114s754es.pdf

Security Management Highlights

Soft target hardening, the Cybersecurity Information Sharing Act, combating biothreats, and the art of creating a thriving corporate culture, all in this month's podcast with Host Holly Gilbert Stowell.

CFO Podcasts
CFO Magazine: Managing Cyber Risk

Mar 10, 2016 (9:06)


Although a brave new world of corporate sharing of cyber threat information is arising, there are still concerns about government involvement. CFO.com Editor in Chief Vincent Ryan interviews Deputy Editor David M. Katz about the challenges that companies face in using the Cybersecurity Information Sharing Act of 2015 to combat hackers, reduce network vulnerabilities, and detect malicious attacks. What kind of data will companies share with the Department of Homeland Security and each other? How will they avoid disclosing customers' personal data? And will the FBI's fight with Apple make companies averse to cooperate?

Cyber Law and Business Report on WebmasterRadio.fm
Understanding The Cybersecurity Information Sharing Act

Feb 17, 2016 (53:02)


The Cybersecurity Information Sharing Act passed Congress last year as part of the 2015 budget package signed by President Obama on December 18, 2015. While CISA had support from the business community, including the powerful US Chamber of Commerce and the National Cable & Telecommunications Association, it was opposed by civil liberties groups, Twitter, Yelp, Apple and the Computer & Communications Industry Association, whose members include Google, Amazon.com, Cloudflare, Netflix, Facebook, Red Hat, and Yahoo! Edward Snowden said a vote for CISA was a vote against the internet. Bennet Kelley speaks with Susan Hennessey, Managing Editor of Lawfare, General Counsel of the Lawfare Institute and a Brookings Fellow in National Security Law, who has addressed the arguments against CISA in a series of columns in Lawfare.

Paul's Security Weekly
Hack Naked TV December 10, 2015

Dec 11, 2015 (8:49)


Welcome to another episode of Hack Naked TV recorded December 10th 2015. Today Aaron talks about Cybersecurity Information Sharing Act, Kazakhstan, Flash updates, encryption backdoors, and cyber espionage.

Paul's Security Weekly TV
Hack Naked TV December 10, 2015

Dec 11, 2015 (8:49)


Welcome to another episode of Hack Naked TV recorded December 10th 2015. Today Aaron talks about Cybersecurity Information Sharing Act, Kazakhstan, Flash updates, encryption backdoors, and cyber espionage.

Congressional Dish
CD106: CISA and Friends

Nov 8, 2015 (75:52)


CISA - the Cybersecurity Information Sharing Act - has officially passed the Senate. While Congress is busy merging CISA with two other so-called cybersecurity bills that passed the House of Representatives, in this episode, by taking an in-depth look at the contents of all three bills, we discover that these bills are not what you're being led to believe.

S. 754: Cybersecurity Information Sharing Act of 2015

Passed the Senate 74-21 on October 27, 2015. Sponsored by Sen. Richard Burr of North Carolina. 118 pages.

Outline of the Bill

Definitions:
  • "Agency" = "Any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of the Government (including the Executive Office of the President), or any independent regulatory agency", but does not include:
      • The Government Accountability Office
      • Federal Election Commission
      • The governments of the District of Columbia and of the territories and possessions of the United States, and their various subdivisions
      • Government-owned contractor-operated facilities, including laboratories engaged in national defense research and production activities
  • "Cybersecurity threat" = An action "not protected by the First Amendment to the Constitution" that "may result in an unauthorized effort to adversely impact the security, availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system."
      • A "cybersecurity threat" does not include "any action that solely involves a violation of a consumer term of service or a consumer licensing agreement."
  • "Cyber threat indicator" = Information that is needed to identify:
      • Spying, including strange patterns of communications that appear to be collecting technical information
      • Security breaches
      • Security vulnerabilities
      • A legitimate user being used to defeat a security system
      • Malicious cyber command and control
      • The harm caused by a cybersecurity incident, including the information taken as a result
      • "Any other attribute of a cybersecurity threat, if disclosure of such attribute is not otherwise prohibited by law"
  • "Entity" = "Any private entity, non-Federal government agency or department, or State, tribal, or local government (including a political subdivision, department, or component thereof)"
      • Does not include a "foreign power", which means a foreign government or a foreign based political organization.

Sharing of Information by the Federal Government
  • Executive branch officials will write procedures for sharing classified and unclassified "cyber threat indicators" and Federal government information that would help the "entities" to prevent cybersecurity threats.
  • The officials writing the rules will be the Director of National Intelligence, the Secretary of Homeland Security, the Secretary of Defense, and the Attorney General.
  • The rules they write have to:
      • Ensure "cyber threat indicators" can be shared in real time
      • Include notification procedures for false alarms
      • Include requirements for the Federal government agencies to protect against unauthorized access to the information
      • Require a Federal entity sharing information to remove personal information
      • Include notification procedures for people whose personal information is shared by the government.
  • Their procedures will be due 60 days after CISA becomes law.

Monitoring Authorizations
  • Private companies can monitor their own information systems, other private information systems or Federal information systems with permission, and monitor "information that is stored on, processed by, or transiting these information systems"
  • Entities can share with and receive information from any other entity or the Federal government.
  • Before sharing information, it must be reviewed and information known to be personal information "at the time of the sharing" must be removed.
  • With the written consent of the sharing entity, information shared with a State, tribal, or local government may be used for "preventing, investigating, or prosecuting"...
      • An "imminent threat of death, serious bodily harm, or serious economic harm"
      • Identity theft, transfers of stolen identification, possession of false identification
      • Unauthorized use of any card, plate, code, account number, or any equipment that can be used to transfer funds (fraud)
      • Use of a "telecommunication instrument" that's been altered to obtain "unauthorized use of telecommunications services"
      • Hacking and releasing government or banking information
      • Extortion
      • Harboring a criminal
      • Collection and/or communication of information about United States defense activities and infrastructure, or failure to report a defense data breach
      • Disclosure of classified information
      • Violations, or attempted violations, of NASA regulations
      • Unauthorized use of trade secrets
  • The information shared with the government as a "cyber threat indicator" will be exempt from public disclosure under any State, tribal or local law.
  • Companies will not be punished under antitrust laws for sharing information with each other "for cybersecurity purposes"

Sharing of Information by "Entities" with the Federal Government
  • The Attorney General and Secretary of Homeland Security will write the policies and procedures governing receipt of information from private entities and local governments. The policies must include...
      • An automated system for sharing information with "all of the appropriate Federal entities" as quickly as possible
      • Rules governing "the retention, use, and dissemination" of the information received by the Federal Government.
      • Audit capabilities
      • "Sanctions" for Federal employees who break the law
  • The Attorney General and Secretary of Homeland Security will publicly publish guidelines explaining what qualifies as a cyber threat indicator
  • The Attorney General, with help from "private entities", will have 180 days to create guidelines for privacy and civil liberties that will govern how the Federal Government uses the information it receives
      • The privacy guidelines will be reviewed every two years
      • The Attorney General will determine how long the information will be kept by the government
  • The Department of Homeland Security will receive and distribute all of the cyber threat indicators shared with the government.
  • Information shared will be withheld from the public under the Freedom of Information Act and all State, tribal, and local laws.
  • In addition to the items of the list of allowed uses of information by State, tribal, and local governments (see Monitoring Authorizations section), the Federal Government can also use the information to...
      • "Prevent or mitigate a serious threat to a minor, including sexual exploitation and threats to their physical safety"

Protection from Liability
  • No private entity can be successfully sued in court for sharing information with the government under CISA regulations.
  • The only way a private entity can be sued is in the case of "gross negligence or willful misconduct"

Oversight of Government Activities
  • Federal Inspectors General will complete a report every two years.
  • The report may include recommendations for improvement

Other Rules
  • This bill does not permit price-fixing, attempting to monopolize a market, boycotting, or exchanges of price or cost information, customer lists, or information regarding future competitive planning.

Intrusion Assessment Plan
  • The Secretary of Homeland Security will create a plan to identify and remove intruders on agency information systems.
  • The plan will not apply to the Department of Defense, a national security system or an element of the intelligence community.
  • The deployment and operation of the new monitoring system can be privatized
      • The private contractor would not be allowed to disclose any of the information they access without permission from the government
      • The private contractor will have immunity from prosecution
  • Internet service providers can not use their immunity to break a user agreement with a customer without their customer's consent
  • The activities carried out in this new monitoring plan need to be "reasonably necessary" to protect agency information systems from cybersecurity risks

Federal Cybersecurity Requirements
  • Agencies will have to encrypt or render indecipherable information that is stored or transmitted by their information systems, create a single sign-in method for individuals accessing their websites, and implement identity management systems for remote access for each user account.
  • This will not apply to the Department of Defense, a national security system, or elements of the intelligence community.

Emergencies
  • The Secretary of Homeland Security can authorize "intrusion detection and prevention capabilities" on another agency's information systems in the case of an "imminent threat"

Study on Mobile Device Security
  • The Secretary of Homeland Security will study threats caused by the shift of technology from desktops to mobile in the Federal Government

Health Care Industry Sharing
  • Creates a task force to create a plan for sharing with private health care entities specifically

Strategy for Protecting Critical Infrastructure
  • The Secretary of Homeland Security will have 180 days to develop a strategy ensuring that cyber security incidents would probably not be catastrophic for public health or safety, economic security, or national security. The strategy must include...
      • An assessment of whether each entity should be required to report cyber security incidents
      • A description of security gaps
      • Additional power needed
  • Some of this report can be classified.

Sunset
  • The provisions of this bill would expire 10 years after enactment

H.R. 1731: National Cybersecurity Protection Advancement Act of 2015

For reference, here's the text as of March 2015 of the Homeland Security Act, which is amended by this bill. This bill:
  • Adds "private entities" to the list of groups that will be part of the National Cybersecurity and Communications Integration Center, which coordinates information sharing between the Federal government and other entities.
  • Adds new groups to the list of who will be included in the National Cybersecurity and Communications Integration Center who will coordinate with all sizes of businesses.
  • Expands the type of information that the National Cybersecurity and Communications Integration Center will share between the Federal government, local governments, and private sector.
  • Authorizes the National Cybersecurity and Communications Integration Center to share information internationally.
Requires the government and businesses to use existing technology to "rapidly advance" implementation of "automated mechanisms" for sharing between the National Cybersecurity and Communications Integration Center and Federal agencies. Participation by non-Federal entities will be voluntary. Agreements that exist before this bill is signed into law will be deemed compliant with this law. All participating entities need to take "reasonable efforts to remove information that can be used to identity specific persons". There's no listed punishments if they don't. The Under Secretary for Cybersecurity and Infrastructure Protection will create policies for governing the use of information shared with the National Cybersecurity and Communications Integration Center 180 days AFTER the bill becomes law. He/she will also be responsible for creating "sanctions" for government employees who disregard his/her privacy policies. Private entities that share information will have immunity from lawsuits, if they share information according to this law. If the Federal government breaks this law, it will have to pay the person actual damages or $1,000, whichever is higher, plus attorneys fees. There is a two year statute of limitations. This law will trump state laws that limit information sharing. The law would sunset 7 years after enactment. Passed 355-63 in the House Sponsored by Rep. Michael McCaul of Texas 60 pages H.R. 1560: Protecting Cyber Networks Act Contains the text of H.R. 1731: National Cybersecurity Protection Advancement Act Within 90 days of enactment, the Director of National Intelligence must develop procedures for sharing classified "cyber threat indicators" with "non-Federal entities" Allows cybersecurity monitoring of government systems to be privatized Allows "non-Federal entities" to share information to with anyone other than the Defense Department. 
The entity sharing information must "take reasonable efforts" to remove personally identifiable information on people "not directly related" to the cybersecurity threat. The President will develop polices governing what happens to information received by the Federal Government, within 90 days of the bill becoming law. The Attorney General will create policies relating to privacy and civil liberties, within 90 days of the bill becoming law. A new branch, with 50 or less employees, will be created within the Office of the Director of National Intelligence called the Cyber Threat Intelligence Integration Center, which will "serve as the primary organization within the Federal Government for analyzing and integrating all intelligence possessed or acquired by the United States pertaining to cyber threats." Information shared with the government is exempt from public disclosure. Information given to the government "shall not be subject to a rule of any Federal department or agency or any judicial doctrine regarding ex parte communications with a decision-making official." The government can keep and use information given to it to investigate, prosecute, prevent or mitigate a threat of "death or serious bodily harm or an offense arising out of such a threat" and to investigate, prosecute, prevent or mitigate a threat to a minor. The information can also be used to prevent, investigation, disrupt, or prosecute fraud, unauthorized access to computers and transmission of information taken from it, "serious violent felonies" including murder, manslaughter, assault, sexual abuse, kidnapping, robbery, carjacking, extortion, firearms use, firearms possession, or attempt to commit any of these crimes, espionage including photographing or sketching defense installations, and theft of trade secrets. Passed 307-116 in the House Sponsored by Rep. 
Devin Nunes of California 121 pages Audio Sources Senate Floor Proceeding CISA debate, October 27, 2015 (Transcript) House Rules Committee: Hearing about HR 1731 and HR 1560, the House cybersecurity bills, April 21, 2015 Additional Information Article: The fight over CISA is far from over by Eric Geller, The Daily Dot, October 28, 2015. Webpage: About the National Cybersecurity and Communications Integration Center, Department of Homeland Security. Music Presented in This Episode Intro & Exit: Tired of Being Lied To by David Ippolito (found on Music Alley by mevio)

Roy Denny
Cybersecurity Information Sharing Act: CISA

Oct 30, 2015 42:23


Discussing CISA with JD Candidate Kyle Miller. Pardon our misrepresentation of the name of the bill in our podcast! I started saying "Computer" instead of "Cybersecurity" at some point and couldn't stop. I don't think it impacts the discussion, but sure makes us look a bit foolish. Regardless, enjoy and let us know what you think. Disclaimer: We (I) drop an F bomb or two in this podcast, so tender ears be warned. Credit goes to www.bensound.com for the intro and outro music.

The Linc Austin Show
Cybersecurity Information Sharing Act (CISA) Hits Delete on Privacy

Oct 27, 2015 4:00


The Cybersecurity Information Sharing Act of 2015 or CISA is expected to pass in the House tomorrow, October 27, 2015. The legislation claims to help with cybersecurity, but critics say otherwise. The bill is a reincarnation of SOPA and CISPA, which were previous failed attempts to pass similar legislation. CISA puts the Department of Homeland Security in charge of massive data collection powers and provides legal immunity to corporations who share user data with the government. The law also allows DHS to share any data it captures through private sector sharing with any federal agency and even contractors.

Watch on YouTube: https://youtu.be/uFCrxvJxav8
Read more here: http://www.infoworld.com/article/2995960/government/cisa-congress-law.html
Show your disapproval to Congress with Popvox (it's free & easy): https://popvox.com/bills/us/114/s754

CDT Tech Talks
Nurse? Info-Sharing Scalpel, Driverless Hackable Cars – Talking Tech W/ Greg Nojeim & Erik Stallman

Aug 3, 2015 23:17


Host Brian Wesolowski first chats with Greg Nojeim on why CISA (the Cybersecurity Information Sharing Act) is more surveillance than security, why all info-sharing isn't bad (put that hammer away!), how attribution makes cyber countermeasures dangerous, and more. Then Erik Stallman joins to break down for us some copyright issues – particularly, how the latest example of "white hat" security research [driverless car crash, anyone?] designed to help us better understand and secure ourselves is technically breaking the law. Attribution: sounds used from Psykophobia, Taira Komori, BenKoning, Zabuhailo, bloomypetal, guitarguy1985, bmusic92, and offthesky of freesound.org.