""If you find something in your software that shouldn't be there, and there's some indication that it is going to surveil what you're doing or introduce some harm to a system," explains Andrew Grosso (attorney at Andrew Grosso and Associates, and former assistant US attorney), "then you can report it." Safely and free of liability concerns."
"The government agency that receives the threat information may or may not take any action, but it will further share that data with other agencies and will share it with other companies that may similarly be threatened. "Or the company concerned may share the threat information directly with other companies," continues Grosso. "It opens a window on risk in real time. It encourages reporting, protects the companies that do the reporting, and it tries to protect the identity of people who may be named as 'suspects', and the name of any known 'victims' of the threat.""
"A sunset clause built into the Cybersecurity Information Sharing Act 2015 ( PDF) means it will expire at the end of September 2025 unless reauthorized by the US Congress. At the time of writing, it has not been reauthorized."
CISA creates legal encouragement and liability protection for companies and individuals to report cyber threats and unsafe code. A sunset clause sets expiration at the end of September 2025 unless reauthorized by Congress; reauthorization had not occurred at the time of writing. Reported threat data may prompt no action by the receiving government agency but can be shared with other agencies and affected companies, or shared directly between companies. The framework aims to enable real-time visibility into risk, protect reporters from liability, and shield the identities of named suspects and known victims. Political timing and the concurrent debt ceiling debate have delayed reauthorization.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]