Security of information starts with the individual. But as more and more of us are relying on web hosting companies and the cloud to store our data, the responsibility for the safety and security of data extends to many people. The US Congress has been active in network security and are crafting legislation that will impact the business of hosting companies.
Two bills will have the most impact on us: the Cybersecurity Act of 2012 and the SECURE IT Act.
The Cybersecurity Act of 2012 is concerned with potential attacks on critical networks that support the US infrastructure. Examples of these are the air traffic control system and electrical power grids. Companies that manage these networks would have to prove that they are following a level of security that protects these resources from a cyber attack. Regulatory groups would be created to oversee these requirements.
The SECURE IT Act
The SECURE IT Act specifies ways that businesses and government can share information more readily. There is no regulatory system to manage this. There will be incentives to share information with the federal government about any potential cyber threats detected. There are also a number of criminal penalties defined for various cyber crimes such as stealing passwords or damaging important infrastructure systems.
While these two bills have similar goals, the major difference is in the use of government regulation to manage the process. Proponents of larger government control prefer the Cybersecurity Act of 2012. Others, including Sen. John McCain, the major sponsor of SECURE IT, want less government intervention and intrusion into civil rights.
In light of some form of cyber regulation being put into place, web hosting companies should position themselves to be ready to respond. Users of hosting companies should question their vendors about their plans. Users with web hosting from Yahoo or GoDaddy will probably find that these large companies are already preparing or currently have processes in place. Smaller companies may have a lot of work to do.
How Businesses Are Preparing
SECURE IT means that data will be shared in ways that could result in private information being given to the government. There is no stipulation that the information be “scrubbed” of personal identities. In other words, names, addresses and various ID’s could be given to government entities. A conscientious web hosting company will create procedures to remove that type of information from the data before it is shared, since it is not required to be there. Smaller, low budget companies may decide the financial impact is too great and just send the data through as is.
Under the SECURE IT Act, information shared with the government must also be shared with the military branch, including Homeland Security and the NSA. This is another reason that web hosting companies should remove private information from the stream before passing it on to these agencies.
Other privacy contracts, like the ones you may have agreed to when you hired a web hosting company, are overridden by SECURE IT. It is important that these companies include provisions in their privacy contracts that specify how they will handle the data sharing with the government.
One of the biggest concerns is that in SECURE IT, information that has been shared may be used in the investigation of a crime, even if it is not considered a cyber threat. By sharing private information, citizens may be put at risk of investigation. Again, this is a good reason to check with your hosting company. Even if you have web hosting from Yahoo or another large company, make sure that they will make the effort to protect your private information before sharing it with the government.
The intention of these bills is good. They hope to protect valuable US infrastructure from cyber attacks which are becoming an increasing threat. The inclusions in these bills, however, may put individual rights at risk. Find out from your web hosting vendor how they will address these requirements and continue to protect your valuable data.