IT Security Alert: Cyber security bill; concerns for managed services
According to the White House press office, President Obama may decide to veto a new bill that businesses regard as essential if they are to be able to fend off hacking attacks and other threats to robust cyber security. The bill, known as CISPA, is officially entitled the Cyber Intelligence Sharing and Protection Act. Provisions of the legislation would encourage the sharing of information about the current threat environment with government regulators. The way these provisions are written, however, has caused some civil libertarians to fear that they would grant permission to ISPs to act as spies for the government, reporting on the actions of their customers.
This prospect is a logical concern not just for the civil rights of individuals, but also for privacy and confidentiality concerns that small and medium-sized business may have. It remains to be seen how these exact provisions of the bill would be administered when organizations using the internet have their IT support services provided by a managed services company.
Sponsors of the bill have announced intentions to address privacy issues through a series of amendments. These include limits on how gathered information could be put to use and prohibitions on retaining gathered information except for use to improve security. Contemplated amendments will also serve to limit precisely the kinds of information that may be gathered at all. These changes may make the legislation more palatable to businesses that must interact heavily with the internet as a part of their usual workflow.