Tag Archives: verizon

Your Security and Your Business’ Security: The Cyber Intelligence Sharing and Protection Act

Earlier this month, the House Intelligence Committee introduced a bill promoting shared cyber security information between the government and corporations. The bill exempts companies from liability for voluntarily disclosing hacking incidents and gives corporations access to data from the National Security Administration to help protect their networks.

Who’s For the Bill
Representative Mike Rogers, the chairman of the House Permanent Select Committee on Intelligence, stated that “Through hard work and compromise we have struck a delicate balance that provides strong protection for privacy and civil liberties, while still enabling effective cyber threat sharing and providing clear authority for the private sector to defend its own networks.”

Internet, cable, and telecommunication companies like Verizon and Comcast support the bill as it creates strong incentives for the private sector to cooperate with the government on a voluntary basis. Corporations also have access to classified intelligence on cyber security threats so they can protect their own networks.

This philosophy of “sharing is caring” or, better put, “sharing stops hacking” has been key in the anti-fraud world, where early warnings have helped to reduce fraud. The success of this could provide for a good benchmark going forward with this bill.

Who’s Against the Bill
Members of the administration and privacy groups are arguing against the bill, stating that the generous liability and antitrust protections could limit the government’s ability to protect citizens due to the lack of corporate accountability. As Michelle Richardson, legislative counsel for the American Civil Liberties Union, states, “The concern is that the government will be able to create records of people’s Internet use in the name of cyber security.”

The information presented to the government would be shared without a court order, and some incidental data might be transferred to the government. Companies could require that their security providers remove any reference to the firm’s name, employees or customers before sharing with the government; however, this is left to the company’s own discretion.

For You and for Your Business
Cyber security is an ever-present issue no matter how big or small your business. However, many security attacks can be traced to a lack of diligence within an organization or a lack of understanding of how to accurately create a plan and process around protecting your network, as shown through this recent Healthcare report.

Whether or not this bill gets passed, in order to protect your business from an attack and likewise to protect yourself from having to reveal data to the government, here are our tips on how to arm your company and yourself against cyber attacks.

  1. Assume it’s a matter of when, not if.
    There are many reports available in the public domain, mostly with disturbing statistics, like more than 90% of respondents to a Security Megatrends Survey admitting their companies have been victims of a cyber attack. That’s 10:1 odds that an attack WILL happen. Seems like a bad bet.
  2. IDS/IPS is not enough.
    Intrusion detection and prevention systems, though valuable, are not enough. Even with these protections in place, significant breaches still occur. It’s in the news all the time. IDS/IPS must be augmented with ongoing, 24×7 network recording and analysis. When a breach does occur, network recordings can be replayed and analyzed, providing the very best information to address the breach, including the ability to answer the five key questions that arise whenever a breach occurs:
            1. Who was the intruder?
            2. How did the intruder penetrate security?
            3. What damage has been done?
            4. Did the intruder leave anything behind?
            5. How can we prevent this attack from reoccurring?
  3. Technology is not enough.
    Though technology is an instrumental part of any security solution, technology alone isn’t enough. Good old-fashioned policies and procedures must be established and enforced. More and more studies are indicating that Advanced Persistent Threats (APTs), which are becoming the most common form of attacks, often result from risky behaviors from within the network. Controlling and monitoring each individual user is not realistic, but a well-documented and socialized security plan can help users identify, and hopefully refrain from, risky behavior, especially if the magnitude of the risks is also made clear.

Regardless of the outcome of the Cyber Intelligence Sharing and Protection Act, the best approach is to make every effort possible to prevent an attack from happening. Then, you won’t have to worry about whether or not, and how, you want to share your cyber security data with the government.

Aren’t all networks created equal, Google and Verizon?

The latest flak around Google’s joint announcement with Verizon on preserving the open Internet has had its fair share of media attention. Here is the source document that created the latest fracas: Verizon-Google Legislative Framework Proposal.

The joint Verizon-Google proposal addresses nine specific elements focused on preserving the open Internet (net neutrality). These points include: consumer protections, non-discrimination requirement, transparency, network management, additional online services, wireless broadband, case-by-case enforcement, regulatory authority, and broadband access for Americans.

It’s not our intent to address each point individually. Most are self-explanatory. What we want to do is highlight the largest issue with this attempt to make the Internet more accessible. That being said, Verizon and Google are essentially claiming wireless is different, and that data on wireless networks need not be as “neutral” as data on wired networks. According to the Wireless Broadband element, “Because of the unique technical and operational characteristics of wireless networks, and the competitive and still-developing nature of wireless broadband services, only the transparency principle would apply to wireless broadband at this time.”

This is a pretty far-reaching statement, as it proposes to exempt wireless broadband networks from the consumer protections and non-discrimination requirement outlined in the proposal – the basic elements of net neutrality. The consumer protections element says service providers cannot prevent sending and receiving lawful content, running lawful applications, and connecting any legal devices to the network. The non-discrimination requirement prohibits service providers “from engaging in undue discrimination against any lawful Internet content, application or service in a manner that causes meaningful harm to competition or to users.” It goes on to be even more explicit: “Prioritization of Internet traffic would be presumed inconsistent with the non-discrimination standard …”.

If these proposals are accepted, providers of wireless services CAN block lawful traffic, applications and devices; and they can prioritize Internet traffic according to their own desires, presumably giving advantages to data or media from certain sources. But how did we get to this point? Aren’t wired and wireless networks essentially the same, other than the fact that wired networks got a head start? There are obviously some technological differences, but the underlying usage of the networks is the same, and that’s what defines a network: its usage. The same rules should apply to both wired and wireless networks, including the rules on blocking traffic and on prioritizing it differently depending on the source of the data. To make the claim that they should be treated differently because broadband wireless is “competitive and still-developing” seems quite self-serving. Couldn’t the same claim have been made for broadband-wired services 10 years ago?

We are very interested to see if the proposals get accepted and how this debacle will ultimately turn out. There is definitely something to watch here, especially if you share our view that wired and wireless networks are created equal…
