Andrew Garbarino Asks Cyber Experts: What Would Happen If CISA 2015 Was Not Reauthorized?

Forbes Breaking News

During a House Homeland Security Committee hearing prior to the congressional recess, Rep. Andrew Garbarino (R-NY) spoke about the reauthorization of the CISA 2015 Act.

Transcript

00:00Gentleman yields back and I recognize myself for five minutes of questions and I just want to say

00:09since the beginning of Congress we have been approached by countless stakeholders about the

00:13need to reauthorize this of 2015. In fact we have eight statements that we will be submitting for

00:18the record one of which has 52 organizations as signatories so I would like to without objections

00:24at least to the record so so done okay wonderful so water yeah that's great I can do this by myself

00:32wonderful you know you all have said reauth has to happen so I'm going to start with that question

00:39everybody's saying that it has to happen and it sounds like clean reauth is everybody thinks is

00:46the best way to do it just to get it make sure it's done what would happen if the if this did

00:53not get reauthorized you can all jump in I'm going to hear from everybody I want we I feel like we

00:58need to get on the record why it's so important this has to be reauthorized what would happen if

01:02it wasn't reauthorized let's start uh Mr. Miller yeah thank you for the for the question chairman

01:10um you know I mean I think if it if it was not reauthorized there would be an immediate chilling

01:18effect at least for for for some organizations on their their willingness and ability to share

01:23because those express authorizations in the bill and those attendant liability protections uh would

01:31go away I I mean it's this is not to say that information sharing itself would completely stop

01:38um information sharing did occur before cisa 15 but a lot more of it is occurring uh after cisa 15 and

01:46in particular uh you know automated sharing at scale again as as I understand it as as a lawyer not

01:53as a cyber security operator didn't really exist in nearly the same way that it does today and the

01:59bill should be credited for that I I personally think it's an open question given um you know what

02:05exactly the fate of for instance the automated indicator sharing uh program at cisa would be if the bill

02:13went away because their authorization to run it would go away it doesn't mean they would necessarily

02:17stop doing it we don't have homeland uh authorizations every year as as you know but it would put things

02:23into question and so I think this would undermine a lot of certainty across industry and government

02:29and thus undermine the the certainty that we have with the trusted sharing partnerships that have

02:34been built since cisa 15. Mr. Rinaldo you're taking the decision from the ciso to the general

02:38council's office and that is going to slow everything us attorneys are the worst I wasn't I

02:44didn't say that I can say it's okay uh Mr. Shemek yeah reiterate that it's it's basically firms would

02:51immediately hesitate there'd be uncertainty and what would be shared um things would slow down the other

02:56thing is you would very much be locking out the small and medium-sized businesses and companies

03:00and vendors like this would be a big firm only play because we would be the only ones willing to try it

03:06willing to evaluate it um and then you'd also I think you'd start to see what we saw previously

03:11which is every firm building bilateral craters with the U.S. government instead of going through this

03:16uh through this uh framework it's a very key point thank you for making that Ms. Keene

03:21just to reaffirm everything that everyone else has said but you're right there was information

03:25sharing before 2015 you know we did have it but it was picking up the phone and kind of chatting

03:29behind closed doors and that's going to hinder you know from a both a proactive and a reactive

03:35you know cyber defense strategy if we don't have those safe harbors and to to my um fellow

03:40committee's point it it puts it in the hands of the lawyers and the reality is is that with AI

03:45coming in with what we're seeing with the rapid the rapid spread of threat um we don't have time

03:51for it to go to the lawyers at this point we have to be able to share information quickly

03:54yeah the slower we are the the more exposed we are 100 percent that information sharing is very

03:59important um mr shimek i want to ask you it you know you you both you work at um you work with

04:07sifma for a while uh and i wanted to know if you could specifically share some information

04:11with uh or some anecdotal uh information about how your uh your companies or other companies you've

04:18worked with have shared information under this law sure so what we'll use this for typically is

04:24we will provide the information via ais so we we have that path of sharing information with dhs when

04:30we need to we also use other mechanisms um phone calls email there's dhs provides multiple ways for

04:36us to submit information so it provides um you know maximum flexibility for firms to go do that

04:41but then it also enables us to go peer to peer there is probably not a day that goes by that i'm not

04:46talking to a peer cso out there on some issue that's going on either emerging or um or on an active

04:53threat that we're dealing with and this just provides us that flexibility to make sure that

04:56you know anything we're sharing we're protected um we're doing it under the best intentions um and

05:02so it really allows us to you know as we say in french this is a non-competitive topic for us

05:07we want to make sure that the entire system is protected because if there's an attack against one

05:11bank it calls into question the entire system and financial services more than anything else is built

05:16on trust i appreciate that my time has expired we're going to start a second round of question and i'm

05:21going to recognize for a second round of questioning the gentleman from florida mr jimenez five minutes

05:27okay

05:32thank you

05:36thank you

05:38thank you

05:39thank you

05:40thank you

Category

Transcript

Recommended