Sen. Ron Johnson, R-Wis., held a hearing Wednesday to discuss the importance of information sharing in cybersecurity and heard testimony for revised legislation.
Sen. Tom Carper, D-Del., joined Johnson, chairman of the Committee on Homeland Security and Governmental Affairs, in hearing a panel of five expert witnesses from the cybersecurity field testify on the need for revised legislation in regard to information sharing between corporations and the government.
This rallying cry comes on the heels of several high profile hacks in 2014, including that of Sony Pictures Entertainment.
Scott Charney, corporate vice president for Microsoft’s Trustworthy Computing Group, explained that current laws make it difficult for companies to share real-time hacking information without being penalized. He argued that publicly sharing security breaches brings negative market results for corporations and that anonymity must be ensured for any information sharing.
Richard Bejtlich, the chief security strategist for the cybersecurity company FireEye, introduced the most troubling statistics. He stated that the average time between a breach and detection of hackers was 205 days and that the FBI or other outside sources discovered the hacks in 70 percent of these cases.
Software networks can be infiltrated for nearly seven months before hackers are noticed, Bejtlich said. This presents a problem that affects not only corporations but also other institutions like universities.
Bob Turner, chief information security officer at UW-Madison, said the information sharing culture must be more reciprocal if cybersecurity is to improve. While the government is often reluctant to share its cyber intel, improved reciprocity would go a long way in helping deal with cyber attacks.
UW-Madison’s top strategy for preventing such attacks is “a robust cybersecurity education training and awareness program,” Turner said.
Turner’s goal is to implement a program like this in the fall. He hopes it will become a staple of incoming student education.