http://www.defenseone.com/technology/2015/04/how-pentagon-could-soon-share-americans-data-with-foreign-militaries/111553/
By Patrick Tucker
Defense One
April 30, 2015
As Ashton Carter unveiled the Pentagon's new Cyber Strategy last week, he
underscored its importance by revealing that DOD networks had been
infiltrated by actors within Russia. The defense secretary did not
emphasize a provision of the strategy that could send private data about
U.S. citizens and companies to foreign militaries.
Here’s what it says: “To improve shared situational awareness DOD will
partner with DHS [Department of Homeland Security] and other agencies to
develop continuous, automated, standardized mechanisms for sharing
information with each of its critical partners in the U.S. government, key
allied and partner militaries, state and local governments, and the
private sector. In addition, DOD will work with other U.S. government
agencies and Congress to support legislation that enables information
sharing between the U.S. government and the private sector.”
The new strategy indirectly, but unequivocally, ties into
information-sharing legislation that’s slowly making its way to the
President’s desk. Among the various bills moving around Capitol Hill, the
most important is the Cyber Information Sharing Act. Among other things,
CISA would protect companies from being sued for sending data about their
users to DHS, which would be permitted to send it in real time to DOD and
other U.S. agencies and outfits. In turn, DOD’s new strategy claims the
right to to share cyber threat data beyond the United States. Presumably,
that would include information obtained via CISA.
In particular, the new strategy pledges DOD cyber assistance, including
information sharing, to allies in the Middle East. “As a part of its cyber
dialogue and partnerships, DOD will work with key Middle Eastern allies
and partners to improve their ability to secure their military networks as
well as the critical infrastructure and key resources upon which U.S.
interests depend. Key initiatives include improved information sharing to
establish a unified understanding of the cyber threat, an assessment of
our mutual cyber defense posture, and collaborative approaches to building
cyber expertise.”
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
