The U.S. government and companies operating vital computer networks would be encouraged to share information about cybersecurity threats under a bill introduced today by House Republicans. Companies including Verizon Communications Inc. (VZ), Comcast Corp. (CMCSA) and Consolidated Edison Inc. would be offered incentives, such as protection from lawsuits, in exchange for sharing cyber threat information with the government, Representative Mary Bono Mack, a California Republican, said in a statement.
The Cybersecurity Act of 2012 recently introduced in the Senate Homeland Security and Governance Affairs Committee has been touted as the latest bipartisan attempt to enhance the nation's cybersecurity. If enacted, the bill would grant new powers to the Department of Homeland Security (DHS) to oversee U.S. government cybersecurity, set "cybersecurity performance requirements" for firms operating what DHS deems to be "critical infrastructure," and create "exchanges" to promote information sharing. In its current form, the bill is a useful step in the right direction but falls short of what is required. Fundamentally, the bill misconstrues the scale and complexity of the evolving cyber threat, defining critical infrastructure too narrowly and relying too much on voluntary incentives and risk mitigation strategies. In this, it might improve on the status quo, but it will not foster genuine and lasting cybersecurity.
Three years ago one of the largest payment processors in the country reported that hackers had accessed its computer system, exposing millions of credit card numbers in what is believed to be the largest hacking-related security breach ever. Heartland Payment Systems' CEO said at the time that the breach had occurred in 2008, but had only been discovered in January 2009. According to the DataLossDB site, the Heartland breach involved 130 million credit and debit card numbers. The company was sued by shareholders, but the suit was dismissed. Meanwhile, after pleading guilty to that hack as well as a slew of others, former government informant Albert Gonzalez is serving a 20-year prison sentence.
In a major action against the banking trojan Zeus, Microsoft, together with FS-ISAC and NACHA and with research from Kyrus Tech and F-Secure, has succeeded in disrupting a number of the most harmful Zeus botnets in “an unprecedented, proactive cross-industry action.” This is the fourth high-profile takedown operation in Microsoft’s Project MARS (Microsoft Active Response for Security) initiative. Earlier operations included successful actions against the Waledac, Rustock and Kelihos botnets.
Last week was a bad one to be a cybercrook. Authorities in Russia arrested several men thought to be behind the Carberp banking Trojan, and obtained a guilty verdict against the infamous spammer Leo Kuvayev. In the United States, a jury returned a 33-month jail sentence against a Belarusian who ran a call service for cyber thieves. At the same time, U.S. prosecutors secured a guilty plea against a Russian man who was part of a gang that stole more than $3 million from U.S. businesses fleeced with the help of the ZeuS Trojan.
The ThreatGeek Top 5 is a weekly post that identifies relevant industry news and stories. Check in to stay up to date with the latest happenings throughout the industry.