Coalition for Open Security
SIM's Advanced Practices Council has taken the lead on advocating for an open approach to cyber security by forming the Coalition for Open Security. The Coalition, whose goal is to help all organizations defend against cyber threats, advocates for an industry-led approach in which organizations pool their individual resources to build a more proactive, collaborative response to the threats of bad cyber actors and to use evidence, real-time data streams, and predictive analytics to better anticipate threats and attacks.
The Coalition's position statement contains three key objectives:
- Create a forum for organizations to identify the best tools for information sharing and cyber resiliency.
- Create an anonymous database of cyber attack and breach information.
- Support federal legislation that offers liability protections for firms that share threat information.
Since the third objective is critical to the achievement of the others, the Coalition, along with its knowledgeable and experienced advisors, have already started the process of sharing these ideas with high-level federal officials. Unfortunately, potential information-sharing protection legislation has died in Congress in recent years. This is the year it must finally become law. The steady stream of high-profile breaches of large firms and federal agencies might help that cause.
Why is federal legislation so critical?
We must eliminate all obstacles that currently get in the way of entities sharing their cyber attacks and threats as they occur. Legislation that protects them from any form of backlash or retribution or legal risk in sharing this information is required to make this happen. Evidence of that need is the recent appeals court ruling on the FTC's suit against Wyndham. In addition to towering legal fees and a damaged reputation, organizations that have been breached risk being slapped with fines.
Legislative protection would eliminate the time lag between when you know you've been hacked or exposed and when you report it. That could make a huge difference to other targeted organizations.
How can you help?
- Click HERE and enter your zip code to encourage your legislative representatives to support federal legislation that offers liability protections for firms that share threat information. You can include the following text or modify as appropriate:
"As a leader in the technology community, I urge you to support legislation that offers liability protections for firms that share cyber threat information. Organizations across all industries, sectors, and geographical boundaries must work collectively to openly identify, remediate, and communicate cyber threats in real time or near real time in a way that protects the organizations reporting the threats. An open forum led by the private sector will act as a clearinghouse to enable organizations to anonymously share, resolve, and eventually prevent attacks. But legislation is essential to remove current barriers to sharing cyber attacks and threats.
We need your help to enact the legislation required to enable open sharing of cyber information. Will you support this legislation and will you convey to President Obama and your fellow Congress members your strong support? That support is critical to us all.
Name and address of writer"
- Provide your name and contact information so we can update you on progress and ways you can support this critical effort in the future.