96%(209)200 out of 209 people found this document helpful
This preview shows page 8 - 10 out of 21 pages.
challenges face by small businesses (Stevens, 2018).Information provided by the DHS NCCIC to private organizations could enable the privateorganizations to better secure their networks. The most useful information would include as much information as possible about the CTI, including how the threat would be carried out in anattack. This information would allow private organizations to better understand how to safeguard against that specific attack and strengthen their network security posture. The government could also provide private organizations with rapid point-to-point dissemination of pertinent information with minimal lag time. Additionally, the government should provide information regarding the threat vectors directed toward the target company or the regional industry.Private sector organizations are also asked to share information with the government in order to obtain the most complete picture of CTI currently in cyberspace. The information from private sector organizations provided to the government should include CTI that are not likely toinclude information that is not related to a cyber threat, information that contains personal information of a specific individual or identifies a specific individual, or information protected under applicable privacy law.7
As the act is currently written, sharing is voluntary. Changing the act to make sharing mandatory has pros and cons. On one hand, the public could become outraged at the thought of more sharing of information (which may inadvertently include some of their personal information) with the government. However, we believe that by making sharing mandatory, it will allow the United States government and entities to get a more complete picture of the current cyberspace. This will lead to better development of cyber defense tools that could prevent future attacks that compromise personal information, as well as national security. This policy change will have potentially negative implications in terms of customer’s private data. The increase in sharing will inevitably lead to personal customer data being shared occasionally, but there are oversight measures that can be put in place to mitigate these instances and keep the sharing of personal customer data low.Some potential oversight options are a separate subcommittee that will review the information disseminations that are not time-sensitive within 48 hours of the attack. For attacksthat are imminent within 48 hours, there should be an alternative process that takes precedence over the other process in order to get the critical information about the threats intothe hands of the companies. These oversight measures would work in conjunction with the government’s current oversight procedures to share information with private entities. There can also be measures taken internally such as redacting information unnecessary to understanding the critical information to defend against the threat.
You've reached the end of your free preview.
Want to read all 21 pages?
The Land, National security, NSS, critical infrastructure