The Sony Entertainment cyberattack has certainly inspired fear in the business world and now the government is taking action. The Cyber Intelligence Sharing and Protection Act is being reintroduced into Congress by United States Representative Dutch Ruppersberger.
"The reason I'm putting the bill in now is I want to keep the momentum going on what's happening out there in the world," Ruppersberger told The Hill.
According to Gizmodo, he is reintroducing the bill in an attempt to avoid future cyberattacks as big as the one that Sony suffered.
What the critics are saying
The bill has certainly been controversial. Gizmodo discussed the associated risks, including an invasion of privacy on the American people. When the bill was first introduced in 2012, the source mentioned how it was extremely flimsy in terms of guidelines and vague in explaining what the government was allowed to do.
The phrase "cyber threat" is thrown around in the bill without much definition as to what it means. The proposed legislation permits any private company, such as Facebook or YouTube, to give away any information about its users to any government agency, according to the news source.
A huge critic has been U.S. President Barack Obama himself, as he personally said he would veto the bill if it ended up on his desk. The legislation passed through the House in 2012, but stalled in the Senate because of concerns over public privacy. This time around, the House again passed it, but it is yet again dead in the Senate.
Many have criticized Ruppersberger's actions. According to The Hill, Capitol Hill has reacted strongly to the the cyberattack on Sony due to the suspected involvement of North Korea. Now there have been reports of an employee of Sony being involved, which could definitely put a strain on the way cybersecurity is approached within businesses.
Lawmakers criticized Sony's decision to pull the film "The Interview," on which the breach seemed to be focused. The film's premise is about two men assassinating North Korea's leader Kim Jon-Un. The cyberattack compromised various films and released all of them online - except for "The Interview." The hackers threatened to attack theaters that played the film referenced 9/11 as a inspiration for any retaliation. Sony ultimately limited its release to a small number of theaters.
How cybersecurity has changed
According to Dark Reading, cyberattacks have become the norm. Hackers have become skilled in infiltrating networks and taking any information they can find, bypassing security controls set up by companies.
"We are beginning to realize in some cases that the situation is far worse than we realized," Stephen Hultquist, chief evangelist at RedSeal Networks, told Dark Reading. "In some cases attackers have been inside networks for months and even years without being discovered."
Cyberattacks are executed by individuals who are willing to spend a lot of time researching, gathering information and finding out the right tactics to infiltrate a system. An additional article by Dark Reading highlighted how the Sony attackers could have just wiped the system to achieve their ends.
"Hackers are usually focused on the user, not the system," Gaby Friedlander, co-founder and CTO of ObserveIT, told Dark Reading. "But organizations are usually focused on the system, not the user. So hackers can go in through the front door."
Instead, the hackers behind the Sony attack took information by going as deep into the corporation as they could and stealing massive amounts of data. The public believed that the majority of cybercriminals were looking to take money from companies, but that is no longer the case. Now, hackers with a personal vendetta ruin parts of a venture's main system those personal reasons alone. However, even for individual hackers who don't have personal vendettas, enacting damage isn't that difficult.
"If your only goal is to do damage," Jonathan Sander, strategy and research officer for Stealthbits Technologies, told Dark Reading,"you don't need a lot of access."
The predicted future of cybersecurity
Extreme responses to the Sony attack, such as CISPA, will not be the fix that companies need. The attack on Sony was not due to the government lacking user information, but holes that the company lacked the initiative to fix. Giving the government the capability of reading user email will not prevent cyberattacks like Sony's.
The approach to cybersecurity has certainly changed. Email encryption was originally an additional tool that would help companies protect email information. However, enterprises have been utilizing secure email providers more and more to put basic security in place. It has become necessary to implement simple tools such as email encryption in a layer of cybersecurity.
It will be interesting to discover what the new year holds for companies in regard to cybersecurity. The U.S. government is certainly reacting strongly, along with many businesses that never thought they would need technology security measures prior to 2014. Businesses should keep a lookout for advancing cybersecurity measures and stay informed about how CISPA might affect them if it passes in the Senate.