Cyber intelligence has emerged as the single most critical element in cyber defense. The private sector owns and operates the vast majority of the U.S. critical infrastructure which has become a high value target for those who wish to harm the United States. In addition, the private sector produces a substantive portion of the technology used to defend the nation, which if compromised could be very damaging.
On Dec. 1, 2011 the House Permanent Select Committee on Intelligence Committee Chairman Mike Rogers introduced what is being called a ground-breaking piece of legislation.
HR 3523 – The Cyber-Intelligence Sharing and Protection Act addresses the lack of cyber threat intelligence getting to those who need to know in the private sector.
The cost to the private sector is not clear, but there will be some internal costs to establishing the processes and safeguards necessary to handle the sensitive and classified data. The challenge will be as always – funding.
As one CISO I spoke to put it, “This is likely to be just another unfunded requirement that I can’t comply with.”
Today the private sector must be heavily integrated into our cyber defenses.
While there is disagreement with some aspects of HR 3523 most agree that sharing cyber threat intelligence reduces our risk. Make no mistake about it, this is a giant step in the right direction.