Re: [cti] Cybersecurity Act of 2015

[Doug DePeppe <doug@eosedgelegal.com>]

It may soon evolve in the media and among the cyber community that other provisions of the bill attract greater attention than the privacy or government surveillance aspects of the bill.  

I am referring to the defensive measures language, including "mitigate", and how expansive defensive measures can be interpreted; and further, how the immunity provisions enable risk taking with respect to pushing the envelope of what defensive measures and business use cases will be permitted?  In short, where will the law go in permitting aggressive counterintelligence commercial businesses practices?  And what increased level of permissiveness will law enforcement allow, especially in early stages of its rollout?  

My prediction is that some companies (already doing aggressive practices) will come into the open with bold marketing in order to seize market share. Yet, it's not completely clear how much "mitigation" means, or will be construed by law enforcement to mean.

Doug

Douglas DePeppe, LLM, JD
EosEdge Legal
Cyberlaw and Services
719.357.8025


This email and any attachments contain information belonging to the sender which may be confidential and legally privileged.  The information is only for the intended recipient.  If you are not the intended recipient, any disclosure, copy, distribution, or action taken in reliance on the contents of the information contained in this transmission is strictly prohibited.  If you have received this transmission in error, promptly inform me and delete the message.

Sent from my Mobile

-------- Original message --------

From: "Jordan, Bret"

Date:12/19/2015 8:53 PM (GMT-07:00)

To: Mark Clancy

Cc: Jason Keirstead , tony@yaanatech.com, Rich Struse , cti@lists.oasis-open.org

Subject: Re: [cti] Cybersecurity Act of 2015

I just spent some time start flame wars on Facebook over this... How fun...  It is amazing how grossly inaccurate and ill educated people are on this topic.  The internet is a breading ground for false knowledge and sensationalism.  Everyone in this group needs to make some posts to social media talking about what this will do.  We need to help overcome the title wave of false knowledge.

Thanks,

Bret

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Dec 18, 2015, at 16:44, Mark Clancy <mclancy@soltra.com> wrote:

Well this site www.stopcyberthreats.com which was setup by the Financial service roundtable as a counter balance to the privacy lobby.

It has some solid counterpoints to those concerns
Mark

Sent from my Windows Phone

---

From: Jason Keirstead
Sent: ‎12/‎18/‎2015 3:43 PM
To: tony@yaanatech.com
Cc: Rich Struse; cti@lists.oasis-open.org
Subject: Re: [cti] Cybersecurity Act of 2015

Hi everyone - I just feel like I need to make a comment about this...

This act has received a lot of bad press and has been twisted around and reported on very inaccurately by a number of news outlets

This is just my two cents but I feel quite strongly that we all have a duty as a community in the CTI space to try to communicate, wherever appropriate and possible, the real risks that motivate the liability protections in this act and how threat information sharing actually works in practice. The way many of these news articles are written makes this act sound like a horrible blow to individual privacy, when it is nothing of the sort.

Just food for thought;

-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


<graycol.gif>Tony Rutkowski ---12/18/2015 04:19:53 PM---Hi Rich, Congratulations to you and your colleagues

From: Tony Rutkowski <tony@yaanatech.com>
To: Rich Struse <richard.struse@dhs.gov>, cti@lists.oasis-open.org
Date: 12/18/2015 04:19 PM
Subject: [cti] Cybersecurity Act of 2015
Sent by: <cti@lists.oasis-open.org>

---

Hi Rich,

Congratulations to you and your colleagues
at DHS, MITRE, DOD, and all who helped create
the ecosystem that allowed these provisions
to become law.

Because the provisions are so difficult to
parse in their native format, I've extracted
them and provided a more readable version.
I'm working on a fully hyperlinked version.

This Act definitely makes TC CTI a major
centerpiece for what is now the organic
law of the U.S.

cheers,
--tony

[attachment "Cybersecurity_Act_of_2015.pdf" deleted by Jason Keirstead/CanEast/IBM]
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php