A new proposal has been presented to the United States House of Representatives that is being considered as a way to help prevent cyber threats in the future. The proposal states that a semi-independent company would be established that would let the United States government and private companies share the information they have regarding cyber threats.
This proposal is for NISO (National Information Sharing Organization), and was proposed by the California Representative Dan Lungren. This semi-independent company would serve as a focal point for all information (both collection and distribution) on cyber threats for all levels of government and all businesses. On top of being a highway for information, this nonprofit organization would also be used to increase cyber security through research.
While the proposal initially sounds like a it has no contest, there are several who see features that necessitate change. Those who are concerned about the National Information Sharing Organization proposal state that there needs to be limits on what information is shared because privacy issues could lead to disastrous consequences. Others concerned about the proposal state that the broad definition of the information shared could entitle the National Security Agency more access to personal information on companies.
Despite there being some obvious concerns about the National Information Sharing Organization, the proposal was well received overall – as stated by four witnesses that were present at the time of the proposal. Unfortunately one analyst, a man named Kevin Kosar who focuses on United State government issues Congressional Research Service, raised an interesting question. Kevin Kosar questioned whether this semi-independent company would have too much independence due to the majority of the funding coming from private parties and only 15% of the overall fudning coming from the United States Government.
“Whether the threat of losing that 15 percent contribution would be a sufficient carrot to encourage ongoing NISO compliance to government direction is unclear,” Kevin Kosar said, clearly explaining his concerns on the National Information Sharing Organization proposal.
On top of only receiving a small portion of funding from the United States government, NISO would also not be under any obligation at all to report to congress or the president. Privacy concerns troubled Kevin Kosar as well. He felt that there was not enough information provided on how the government was going to keep NISO participants compliant and prevent them from leaking information.
Dan Lungren stated that it was crucial for Congress to push forward with a policy because of the increasing threats that malicious users posed.
“Disgruntled employees, hackers, and foreign governments are knocking on the door of [critical] systems,” he said. “Congress needs to act to improve our cyber defenses.”
While no official ruling has been made yet on the cyber threat policy the National Information Sharing Organization is a big step forward. Despite the NISO being somewhat flawed, and not completely accepted by members, NISO represents an understanding of the crucial need to increase cyber defenses – something that should have been done a very long time ago.