Lawmaker Proposes Cyberthreat Sharing Group

alphadogg writes "A proposal in the House of Representatives would set up a new semi-independent organization allowing the U.S. government and private companies to share information about cyberthreats, but some critics questioned whether the group would be too removed from congressional scrutiny. The draft proposal (PDF), from Representative Dan Lungren, a California Republican, would create a nonprofit National Information Sharing Organization (NISO) that would serve as the collection and distribution point for cyberthreat information shared among the federal government, state and local governments, private companies and education institutions. NISO would also fund cybersecurity research and development."

Cyberthreat

[Anonymous Coward]

This post has been reported as a cyberthreat.

Re:congressional scrutiny

[Ethanol-fueled]

That's what I wondered. We already have have Fusion Centers that are information hubs for Local, State, and Federal law enforcement. We already have "community outreach" urban snitch partrols sponsored by the police and FBI. We already have private security and P.I.-types doing the "intelligence gathering" and fishing expeditions and typical law enforcement can't get away with doing(yet).

My best guess is that it's all bullshit to take that 15% DHS funding and funnel it directly into the private members. From the article:

The proposal is a "positive step" toward a national cybersecurity policy, said Cheri McGuire, vice president of global government affairs and cybersecurity policy at Symantec.

There you go.

Re:

[rtp]

"take that 15% DHS funding and funnel it directly into the private members"

Mod that comment up.

America (and others users globally benefiting from the Internet) will be much more secure with a distributed ecosystem with many independent groups each working toward assuring their own independent, autonomous security, rather than attempting to pass the buck to yet another outsourced committee operating as a puppet for the federal government. DHS is moving us toward dystopia with all of the federal intelligence

Re:

[stiggle]

Because if it has congressional scrutiny then the congressmen on the oversight committees can get kickbacks and campaign donations from the companies involved.

Seems a whole lot of effort to set up a few mail lists & phone auto attendant message system :-)

Silly noob, welcome to our world.

[subreality]

We've had CERT for a long time.

Re:

[PopeRatzo]

We've had CERT for a long time.

Of course.

And who wants to bet that "cyberthreat" will soon include protection of "intellectual property"? It's no accident that "educational institutions" will also be included in the groups that "benefit" from this new national cyber police force. Will "cyberthreat" include groups of protestors that organize civil disobedience online?

Any time somebody in Congress comes up with a solution to combat some "threat", my radar goes off. Too many of the "threats" that these peop

Re:

[Anonymous Coward]

The FBI also has Infragard, which is designed to extend the CERT model to include other industries (thnk chemical, utility, public transportation, etc.)

Oh, and the ISACs (REN-ISAC, MS-ISAC, etc.)

Seriously, WTF are these people doing with our tax dollars if they can't hire an intern to spend an hour Googling what's already out there before going off half-cocked? Or, I don't know, ASK IT Security people what we want/need?

This is why so many intelligent, well-informed and thoughtful people (as opposed to cons

Ok, this looks alright

[Baloroth]

Well, this was supposed to be an angry rant about government forming yet another stupid and unnecessary organization, probably designed to crack down on copyright all in the name of "protect the children". Then I read the draft (or, rather skimmed a large part of it), and it actually seems focused an preventing wide-scale attacks on infrastructure and creation of more secure Internet protocols. Seems... alright, although this is, of course, just a draft. Also, it'll never live up to it's promises, but hey, I suppose trying to secure the nation against computer-based attack is laudable.

It's probably still stupid and redundant, but at least it seems redundant in the right direction, anyways.

Re:

[Wildclaw]

Isn't there a budget problem?

Yup. The currency issuer (federal government) is not issuing enough money (running a high enough "deficit") to match private+foreign sector aggregate savings rates. This is directly evidenced by current unemployment rates.

There is also a secondary problem of mis-allocation of resources in the federal government, in other words, the federal government is spending money on the wrong things. But that doesn't change the fact that the current deficit is too low.

Infragard?

[el_tedward]

Yeah, they don't do any of that.

The usual question...

[englishknnigits]

Why does this need to involve government? Let the industries and individuals interested help fund and found the organization. If the organization works well and is beneficial then it will likely stick around. If it is useless then companies/supporters will lose interest and it will go away. If the concept was useful but the implementation was terrible then alternatives will spring up. If the government founds it/runs it/supports it then it will never go away no matter how useless or poorly run it may t

Re:

[englishknnigits]

We may need to take off the handcuffs, apply some burn cream, add some finger splints, and give it a pep talk first though.

Re:

[rtb61]

This involves government for the most obvious reason of all. Private industry is always focused on profits even to the insane level of profits on economic and environmental collapse. When it comes to establishing a government authority the focus is on savings, the money saved by avoiding conomic and environmental collapse.

Government authorities also help to avoid copyrights and patents from blocking the universal adoption of highly beneficial technologies.

Privatisation is proving to be nothing but a bo

Re:

[englishknnigits]

I'm trying to decide if that post is sarcastic or not...I hope it is because I can't imagine you actually believe anything you just typed. I'll try my hand at some sarcasm. Yes, the government is run on rainbows and gumdrops and people who love their fellow man and are not power hungry, greedy, or self serving. Have you ever heard of a rich politician? Don't think so! That's because they are only interested in saving people money and protecting the environment! Creating huge bureaucracies helps protec

Re:

[gtall]

Yep, the FAA does nothing for airline safety. NIH does nothing of consequence in combating disease outbreaks from those friendly listeria farming operations. OSHA hasn't lifted a finger for workplace safety. The nerve of NSF funding fundamental research, don't they know research grows on trees to be cherry picked by Business School Product for the good of Americans? If only America could be returned to the people....like the housing crisis. People have a G-d-given right to sign contracts they are too stupid

Re:

[englishknnigits]

Monopolies aren't something the American people "try". Monopolies can only exist in the presence of government blocking competition through regulation, propping up the company through subsidies, and not enforcing basic laws (such as "don't break the legs of competitors"). Monopolies and big government go hand in hand, they are not opposites. The main point you don't understand is that these faceless bureaucrats are drawn from the same crowd of helpless people you think they protect. The helpless, short

Re:

[rtb61]

The insane marketing view of the corporate race to the bottom. Corporations where the executives are not legally and criminally liable for all acts of that corporations are fabrications of the sociopathicaly insane and a current reality. No wonder modern corporate public relations and marketing agencies are will known for their drug use, that could be the only excuse for the continual stream of mendacities that flows from them. I only hope that should you suffer a severe illness that your relatives put the

Re:

[englishknnigits]

I agree that corporate heads are currently not held adequately accountable for the repercussions of their decisions, particularly where there is negligence. That is the governments job and they are failing miserably at it. When a corporation fails or does something wrong the government typically gives them money and writes regulations to punish all of that corporations competitors who were actually doing the right thing. As to your illness point, I would gladly accept treatments risen from the innovation

Re:

[Mr. Shotgun]

Why does this need to involve government? Let the industries and individuals interested help fund and found the organization.

Lmao, oh you must be kidding! Private enterprise be interested in secure coding? No my friend, they be all about the latest product they can pimp out, they will never, ever, ever be interested in secure code. To paraphrase notion put forth: cheap, fast, secure...pick two. To get fast and secure you have to hire someone who knows his way around a project, who's been around the block a few time and who has seen more than one block of unsecure code. And they do not come cheap, so that is out. For fast and se

Re:

[englishknnigits]

That is true as long as their customers don't care about it. If their customers don't care about it then why should the government step in and decide what is important for customers? I know what I want, why do you think the government knows what I want better than I do? This of course assumes there isn't a government supported monopoly/oligopolies running an industry. In that case you have two choices, stop supporting and protecting monopolies/oligopolies so there is actually competition or create anoth

Because it lets them pick winners and loosers.

[Ungrounded Lightning]

Why does this need to involve government?

Because it lets the government pick winners and losers. Winners are given early information about cyber threats. Losers are not.

Winners tend to correlate well with campaign contributors.

Re:

[englishknnigits]

That's the "How appropriate, you fight like a cow" to my "You fight like a dairy farmer" :(

Re:

[gtall]

Yeah, like the interstate highway system. Boy, they made out like bandits on that one.

Re:

[Ungrounded Lightning]

Yeah, like the interstate highway system. Boy, they made out like bandits on that one.

Yep. A lot of nephews and cousins of politicians (and members of their political machines) "won" the construction contracts and made out like bandits.

Still are, too. Especially with large amounts of gas tax money diverted from road construction to "alternative transport" projects to "get people out of their cars". Lots of graft to go around there.

ren-isac and friends?

[Cmdr-Absurd]

Are we proposing something like the various ISAC groups such as ren-isac [ren-isac.net]? These have been around for quite a few years.