CISA, the AT&T and Verizon protection act

*Well, it's good news for the lobbyists of Verizon and AT&T, even if it does the rest of us no good.

*Via SANS

***************************************************************************

TOP OF THE NEWS
–Senate Passes CISA
(October 27 & 28, 2015)
The US Senate has passed the Cybersecurity Information Sharing Act
(CISA) by a significant margin. The bill still must survive conference
negotiation to reconcile the versions passed in each chamber before
heading for the president's desk.
http://www.theregister.co.uk/2015/10/28/senate_passes_cisa/
http://thehill.com/policy/cybersecurity/258305-overnight-cybersecurity-senate-overwhelmingly-passes-cybersecurity
http://thehill.com/policy/cybersecurity/258387-hurdles-remain-for-major-cyber-bill
[Editor's Note (Paller and Murray): This bill is not so much about
enabling sharing as it is about immunity from liability. It should be
called the AT&T/Verizon Protection Act. You are unlikely to see ANY
security improvement from the bill. Members of Congress who foisted this
on the American public as a security bill should be sued for
malpractice.
(Henry): I'm still very confused by all the talk about personally
identifiable information. The government needs threat actor information
-- Adversary tools, tactics, indicators of attack, etc. They can use
this aggregate intelligence to do broad analysis and attribution, and
to develop actions against those targeting the commercial sector. The
private sector, likewise, needs the same type of intelligence so they
can hunt on their networks for signs of Adversary activity, to detect
and mitigate the threats. Nowhere does anyone need to share customer
information or private data, or anything else that should concern
consumers or lawmakers. The USG needs to identify what specific
intelligence it needs, how it will be stored/used, and what the private
sector can expect back. Only then can a formalized framework be
established.]