An interesting article today in The Wall Street Journal.
The article highlights a plan in Congress to provide substantial limits to liability stemming from lawsuits against companies sharing information with the government for purposes of cybersecurity.
“There’s a hunger for reinforcements in this war, made more urgent by the recent damaging hacker attacks on Sony, Epsilon and RSA and the major but thwarted attack on defense contractor Lockheed,” the article states. (Note: I find the Lockheed reporting suspect. A recent Vanity Fair article seems to suggest that attack was not thwarted at all.)
So let’s assume this bill passes, and the NSA starts working with private industry to battle cyberterrorist attacks and, more generally, unauthorized hacking efforts.
Who do you think makes the list of companies that the NSA works with? An open enrollment seems unlikely, if not an impossibility. (Imagine that ad in the newspaper: “Talk to your local NSA experts to find out what technologies and techniques the U.S. Government is using to battle cyberterrorism!”)
It will be a restricted list. It will be narrowly defined, it will be on a ‘need to know’ basis. And it will be those companies with strong enough IT teams to actually be able to contribute to the program in an effective manner.
The likely candidates are obvious.
- Defense Contractors (Boeing, Lockheed Martin, Northrop)
- Big Old Tech (IBM, Oracle, HP)
- Cloud computing providers (Amazon, Microsoft, Rackspace, Verizon, maybe Facebook)
If a company is not on that list, it won’t get that information. But customers using those technologies to protect their data will benefit tremendously from the knowledge sharing with the NSA.
How many other companies make this list? Not many.
How many law firms? My guess is zero. Law firms must get out of the business of hosting their clients’ highly confidential data. There is no feasible way for law firms to develop the in-house expertise to sufficiently protect their clients’ data.