Former NSA chief urges cybersecurity legislation

By Erin Ayers on January 14, 2015
Photo Credit: Don Pollard

Photo Credit: Don Pollard

Congress needs to pass cybersecurity legislation this year, in order to help both private industry and the government fight hackers by collaborating on expanded information sharing, according to former NSA director Gen. Keith Alexander, now a cybersecurity consultant.

Speaking one day after Central Command Twitter feed (@centcom) was hacked by alleged Islamic sympathizers, Alexander informed insurance professionals attending the annual Joint Industry Forum, “The government has the same types of problems that industry does.”

The federal government agencies battling cyber crime can freely share details of threats with each other, Alexander commented. However, he noted that private industry can’t currently share all threat information it has with government, due to both privacy and liability concerns. The existing structure of public-private collaboration culminated in the massive cyber attack on Sony Pictures.

“There’s no way for anybody to have helped Sony until after the fact,” Alexander said. The FBI does release private industry notifications and alerts to warn organizations and businesses about malware and other potential threats. Private security firms also track and collect threat information from which Alexander suggested the government would benefit.

“If we put together what industry and government sees, it would be far better than what they can do on their own,” said Alexander. He predicted Congress would take up bills relating to expanding information sharing this spring.

Earlier this week, President Barack Obama launched a cybersecurity proposal containing consumer data privacy initiatives, as well as some liability protections for private entities that share cyber threat information with the Department of Homeland Security (DHS). For many privacy advocates, this type of legislation resembles the reviled Cyber Intelligence Sharing and Protection Act (CISPA) of 2014 that seemed to spell the end of online privacy for companies and individuals. A version has already been introduced in the new Congress.

From Alexander’s perspective, law enforcement needs tools to fight cyber crime and, in a nod to his insurance industry audience, new laws must make clear where the liability will rest for entities that share information with the government.

“We can’t take away the tools from law enforcement and the intelligence community,” he said. “I do think we can come up with tools that go far beyond where they are today.”

erin.ayers@zywave.com'

Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].