52 min
113: CISA is Law Congressional Dish
-
- Government
Cybersecurity or surveillance? What does the language attached at the last minute to the 2,009 page omnibus government funding bill actually authorize? In this episode, we take a close look at what just became law. Please support Congressional Dish: to contribute with PayPal or Bitcoin; click the PayPal "Make it Monthly" checkbox to create a monthly subscription to support Congressional Dish for each episode via Patreon Mail Contributions to: 5753 Hwy 85 North #4576 Crestview, FL 32536 Thank you for supporting truly independent media! The Cybersecurity Act of 2015 was attached at the last minute to the "omnibus" government funding bill, which was 2,009 pages long and available to read for less than three days before it became law. This is and outline of what became law: "": "Any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of Government" Does NOT include the Government Accountability Office, Federal Election Commission, or Government-owned contractor-operated facilities "": An action that "may result in an unauthorized effort to adversely impact the security, availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system". "": "Information that is necessary to describe or identify"... Spying, including strange patterns of communications that appear to be collecting technical information Security breaches Security vulnerabilities A legitimate user being used to defeat a security system Malicious cyber command and control "The actual or potential harm caused by an incident, including a description of the information exfiltrated as a result of a particular cybersecurity threat" "Any other attribute of a cybersecurity threat, if disclosure of such attribute is not otherwise prohibited by law" "": "Any , non-Federal government agency or department, or State, tribal, or local government (including a political subdivision, department, or component thereof)" Does not include a foreign power, Procedures for sharing information both within and outside the Federal government will be created by: Director of National Intelligence Secretary of Homeland Security Secretary of Defense Attorney General ... Allow real time sharing of information Include requirements for the government to protect the information from unauthorized access Require Federal entities to review cyber threat indicators for information not directly related to the threat that contains information that identifies a specific individual and remove the information Include procedures for notifying "any United States person" whose information has been shared by the Federal government Non-Federal entities sharing information mush "review" the information for "personal information of a specific individual" and "remove such information" OR have a technical way of removing the information it "knows at the time of sharing" to be personal information. and can use the information they receive for... Cybersecurity Preventing a specific threat of death, serious bodily harm, or specific threat of serious economic harm Investigating, prosecuting, and preventing serious threats to minors, including sexual exploitation and threats to physical safety ... , , , , Information shared will be Policies will be written by... Attorney General Secretary of Homeland Security Policies must create a way to share information "" Dept. of Commerce Dept. of Defense Dept. of Energy Dept. of Homeland Security Dept. of Justice Dept. of Treasury Office of the Director of National Intelligence Information ... Attorney General Secretary of Homeland Security In consultation with the "Private entities with industry expertise as the Attorney General and the Secretary consider relevant" Information shared with the Federal governme
Cybersecurity or surveillance? What does the language attached at the last minute to the 2,009 page omnibus government funding bill actually authorize? In this episode, we take a close look at what just became law. Please support Congressional Dish: to contribute with PayPal or Bitcoin; click the PayPal "Make it Monthly" checkbox to create a monthly subscription to support Congressional Dish for each episode via Patreon Mail Contributions to: 5753 Hwy 85 North #4576 Crestview, FL 32536 Thank you for supporting truly independent media! The Cybersecurity Act of 2015 was attached at the last minute to the "omnibus" government funding bill, which was 2,009 pages long and available to read for less than three days before it became law. This is and outline of what became law: "": "Any executive department, military department, Government corporation, Government controlled corporation, or other establishment in the executive branch of Government" Does NOT include the Government Accountability Office, Federal Election Commission, or Government-owned contractor-operated facilities "": An action that "may result in an unauthorized effort to adversely impact the security, availability, confidentiality, or integrity of an information system or information that is stored on, processed by, or transiting an information system". "": "Information that is necessary to describe or identify"... Spying, including strange patterns of communications that appear to be collecting technical information Security breaches Security vulnerabilities A legitimate user being used to defeat a security system Malicious cyber command and control "The actual or potential harm caused by an incident, including a description of the information exfiltrated as a result of a particular cybersecurity threat" "Any other attribute of a cybersecurity threat, if disclosure of such attribute is not otherwise prohibited by law" "": "Any , non-Federal government agency or department, or State, tribal, or local government (including a political subdivision, department, or component thereof)" Does not include a foreign power, Procedures for sharing information both within and outside the Federal government will be created by: Director of National Intelligence Secretary of Homeland Security Secretary of Defense Attorney General ... Allow real time sharing of information Include requirements for the government to protect the information from unauthorized access Require Federal entities to review cyber threat indicators for information not directly related to the threat that contains information that identifies a specific individual and remove the information Include procedures for notifying "any United States person" whose information has been shared by the Federal government Non-Federal entities sharing information mush "review" the information for "personal information of a specific individual" and "remove such information" OR have a technical way of removing the information it "knows at the time of sharing" to be personal information. and can use the information they receive for... Cybersecurity Preventing a specific threat of death, serious bodily harm, or specific threat of serious economic harm Investigating, prosecuting, and preventing serious threats to minors, including sexual exploitation and threats to physical safety ... , , , , Information shared will be Policies will be written by... Attorney General Secretary of Homeland Security Policies must create a way to share information "" Dept. of Commerce Dept. of Defense Dept. of Energy Dept. of Homeland Security Dept. of Justice Dept. of Treasury Office of the Director of National Intelligence Information ... Attorney General Secretary of Homeland Security In consultation with the "Private entities with industry expertise as the Attorney General and the Secretary consider relevant" Information shared with the Federal governme
52 min