Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

Learning to Share. To Prevent Possible Future Cyberattacks from Iran, Russia or China, Senate Again Takes Up Public/Private Information Sharing Bill.

By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.
Follow ThreatMetrix ThreatMetrix's Most Recent Posts:

Is it possible that both parties in Congress are actually getting closer to an agreement on something  – besides that the other party is at fault for not doing anything? Which is something – perhaps.

The point is that under threat of cyberattack from Iran, Russia or China, the United States Senate is again taking up a modified version of the Cybersecurity Act of 2012.

According to a piece in, both parties agree there should be an exchange of threat information between government and the private sector. However, how to do it “without imposing onerous red tape on the private sector” is open to question. Incidentally, ever wonder about where the term” red tape” comes from? It turns out red tape goes back to seventeen hundreds England where thick legal documents were bound with red cloth tape. You literally had to cut through the red tape to things moving.

And red tape is seen by some in the administration’s plan to flow data through the Department of Homeland Security (DHS). Bearing in mind the bill has to pass the House of Representatives as well as the Senate, quotes Rep. Ron Paul (R-TX) calling the measure “big brother writ at large” [and saying DHS is] an “inefficient and redundant entity…. It’s the inefficiency of the bureaucracy that is the problem. So, increasing this with the Department of Homeland Security and spending more money doesn’t absolve us of the problem.”

Having been created under the Bush presidency, many other Republicans do support the Department of Homeland Security handling all terror threats including cyberterror threats.

Observes, “The part that bothers the majority of Republicans is opposition from major businesses which fear Sec. 102 ‘Sector-by-sector cyber risk assessments.’ The concern from the private sector lies not so much in the cost – businesses will generally be forced to perform such risk analyses anyhow. Rather, there’s fear that the government could lose this data as it has lost masses of data in the past (Wikileaks, anyone?) exposing potentially embarrassing and damaging vulnerabilities.”

The administration could edit the bill’s language while maintaining the basic concept of the government sharing information on threats with private sector firms like banks and defense contractors.

Notes, “The revised bill is likely to move closer to a bipartisan bill proposed by House of Representatives by Chairman of the House Intelligence Committee Rep. Mike Rogers (R-MI) and the top Democrat on that panel, Rep. C.A. Ruppersberger (D-MD).

“The plan is to pass the pared down bill, which some critics call a ‘watered down’ version of S. 3414. President Obama will then try to implement some of the removed features via executive orders, placing the blame or credit for them on his own administration, not Congress”.

Department of Homeland Security Secretary Janet Napolitano maintains the bill would not create a new bureaucracy. It would, however, improve and codify efforts that are already underway.

Even if passed, there are those who don’t think the measure goes far enough in protecting U.S. cyberspace. CrowdStrike’s chief technology officer Dmitri Alperovitch, told Reuters the bill doesn’t speak to counterstrikes or offline trade repercussions against those initiate attacks, “We’re having the wrong debate. What’s the benefit of information-sharing if you’re not going to act on the information?”

By ThreatMetrix Posted