The new cyberstrategy at the Department of Defense includes the possibility of sharing information about U.S. citizens with foreign militaries — a point that Defense Secretary Ashton Carter did not discuss at length when he unveiled the plan last week.
Carter described the "three missions" of the cyberstrategy during a speech at Stanford University, where he discussed the plan publicly for the first time on April 23.
"The first is to defend DoD networks, systems, and information," Carter said.
"The second is to defend the U.S. homeland and U.S. national interests against cyberattacks of significant consequence," he said. "And the third is to provide integrated cyber capabilities to support military operations and contingency plans."
According to Defense One, within that plan is the possibility that the Defense Department could share private data about U.S. citizens as well as U.S. companies to foreign governments.
"To improve shared situational awareness DoD will partner with DHS and other agencies to develop continuous, automated, standardized mechanisms for sharing information with each of its critical partners in the U.S. government, key allied and partner militaries, state and local governments, and the private sector,"
the Defense Department says in its report outlining its cyberstrategy.
"In addition, DoD will work with other U.S. government agencies and Congress to support legislation that enables information sharing between the U.S. government and the private sector," it says.
The National Journal contends that the strategy is indirectly tied to the Cyber Information Sharing Act (CISA) that likely will be signed by President Barack Obama.
That legislation, if passed, would give companies protections against lawsuits for sharing information with the Department of Homeland Security, which would then be able to share that information with the Department of Defense as well as other federal agencies. And this is coupled with DOD's Cyber Strategy, which includes sharing information with "partner militaries," which would presumably include data gathered through CISA, Defense One argues.
"As a part of its cyber dialogue and partnerships, DoD will work with key Middle Eastern allies and partners to improve their ability to secure their military networks as well as the critical infrastructure and key resources upon which U.S. interests depend," the Defense Department's cyberstrategy report says.
"Key initiatives include improved information sharing to establish a unified understanding of the cyber threat, an assessment of our mutual cyber defense posture, and collaborative approaches to building cyber expertise," it adds.
Adm. Michael Rogers is an advocate of the Cyber Information Sharing Act, and says information sharing with the FBI helped determine that North Korea was behind the cyberattack against Sony at the end of 2014.
But Defense One says that these laws pose some questions about just how far such information sharing will go.
"If CISA or its cousins becomes law, what kind of information might fly from company servers to DHS to DOD and then around world?"
Robyn Greene, policy counsel for the Open Technology Institute at the New America Foundation, says that the laws put very few limits on how the federal agencies could share information, and they would "seriously undermine Americans' Fourth Amendment rights" and "create an expansive new means of general-purpose government surveillance."
In CISA's current form there are not a lot of limits on how the information can be used, but Greene said that the law could be improved if sharing is limited only to data that has to do with a cyber threat and not other criminal activity. She also recommends some kind of recourse that consumers can follow, if there are any damages as a result of the information sharing.
Others argue that sharing information about things such as administrative behavior and other activities that may go under the radar, could help companies and government agencies around the world better detect cyberattacks.
But some say that bills like CISA don't go far enough and there needs to be more incentive for companies to share data than liability protections.
© 2024 Newsmax. All rights reserved.