This weekend the House Subcommittee on Cybersecurity
Oversight held a closed, virtual hearing on the recent non-hacking
case investigation initiated by CSA’s Critical Infrastructure Security
Operations Center (CI-SOC). According to a press release from Chairman Richard
Gil (D,NY): “We tried to determine if either CI-SOC or the Federal Bureau of
Inquiry (FBI) complied with the restrictions imposed on the two agencies in the
authorizing language for the CI-SOC. At this point it appears that they did.”
The hearing was requested by Ranking Member Tucker Watts (R,GA)
who had expressed concerns about last week’s announcement
from National Association of Information Sharing and Analysis Centers (NAISACS)
that their member organizations would no longer be sharing threat information
with CI-SOC.
“CI-SOC can only be effective if they receive support from
the entire cybersecurity community. The free-flow of information between
researchers, ISACS and the Cybersecurity Agency is essential if we are to
successfully defend critical infrastructure from cyberattacks.” Watts said in a
press conference early this morning.
Both Watts and Sen TJ Kong (R,GA), were instrumental in
getting the CI-SOC authorization bill through Congress late last year. Kong has
also expressed concerns about the fallout from the first incident response from
CI-SOC. “We cannot expect the CSA to construct a Great Firewall around the USA,
nor do we want it to,” Kong said by telephone; “We set up CI-SOC to allow CSA
to provide small and medium sized businesses with security operations centers
that their larger competitors are able to establish in-house, leveling the
security playing field.”
Kong told this reporter that the Senate Select Committee on
Cybersecurity would be holding hearings on the MedDevice situation in late
September. “The FBI investigation needs to develop a bit more supporting
information before we can draw any real conclusions about the effectiveness of
the CI-SOC and its cooperation with both the private sector and the FBI,” he said.
A staffer for Watts told me that the Congressman’s office is
starting to look at crafting legislation that would require ISACS to share
information with CI-SOC. “We are working with both NAISACs and CI-SOC on
language that both can work with,” the staffer, who was not authorized to talk
to the press, said.
According to Gil, the Cybersecurity Oversight Committee will
be holding an open hearing in the coming weeks to hear concerns from NAISACS
and companies being supported by CI-SOC.
No comments:
Post a Comment