"With the lapse, federal and non-federal entities will likely enter into contractual arrangements to preserve some of the legal protections provided in the law, Kemba Walden, the former acting national cyber director, told Nextgov/FCW. "Information sharing and collaboration is key to achieving a secure and resilient digital infrastructure. It may take more effort now that CISA 2015 has lapsed, but enterprises will likely have to ensure legal protections through contractual arrangements," she said."
"A media statement provided by the Cybersecurity and Infrastructure Security Agency said the lapse of the information-sharing law deals "a serious blow" to U.S. cyberdefenses. Legal exemptions were made a core feature of the 2015 regulation because cyber threat information often contains sensitive data about victims and companies. To help agencies like the FBI track nation-state cyber threats and criminal hackers, those datasets often need to be shared with government analysts."
The Cybersecurity Information Sharing Act of 2015 expired during the government shutdown, removing statutory legal cover for transmitting cyber threat data to government. Federal funding for a state and local cybersecurity grant program also lapsed. The expiration discourages exchanges of threat datasets that often include sensitive victim and corporate information, widening opportunities for adversaries and degrading defensive coordination. Public and private entities will need to rework data-sharing approaches and are likely to rely on contractual arrangements to recreate protections, which slows collaboration. The lapse was described as a serious blow to U.S. cyberdefenses, and practitioners are advising clients urgently.
Read at Nextgov.com
Unable to calculate read time
Collection
[
|
...
]