So here's my take on CISPA.
I dunno if anyone here has noticed, but there have been lots of breach headlines over the course of the last few years, and companies everywhere are losing all of your information faster than they can collect it. A lot of it was driven by Anonymous, but Anonymous isn't the group that the government is actually really concerned about. The best description I heard of Anonymous, and whether it was "cyber war", was an army storming across your border and then going immediately to the post office and standing in line in front of everyone.
Governments, military contractors, major companies, etc. are worried about APT (advanced persistent threat). These types of attackers are often government sponsored and usually interested in long-term access to strategically significant computer networks. The term first became popular after Operation Aurora in 2009, when Google found evidence that the Chinese government was all up in their business (http://googleblog.blogspot.com/2010/01/ ... china.html), but since then more and more examples have been popping up. One of the most interesting ones was when someone broke into RSA to steal the information needed to compromise the session tokens. It is thought by most people that the information about the SecurID tokens was then used to attack Lockheed Martin, with the intention of stealing god knows what. I'm pretty sure Lockheed contends that they got in but didn't get anything that they wanted (which happens).
That said, when evidence of a breach like this starts to surface (and they happen all the time, they just might not wind up in headlines), the FBI is usually brought in to investigate, and they classify most of what they find so people actually can't act on it. It's the theory that you don't disturb the spider web, because as long as the web is still there, you know where the spider is. So they control the information so security vendors don't all of a sudden start blocking some IP address and tip off some attacker that people are on to them, because the reality is that they still need more info.
This is where CISPA comes in. Government and industry need a way to share classified stuff, specifically signatures that go in network intrusion prevention systems. The way signatures work is that they look for malicious stuff in network traffic (whether that's something like a Flash object inside an Excel document, or exploit code targeting a specific software vulnerability). Anyway, they aren't perfect and oftentimes don't know exactly what they are looking for. False positives are a reality in every single intrusion prevention system on the planet, because that is the nature of the technology we're talking about. Not every threat looks the same on the network, so network protections need to look for weird stuff. Maybe I've got a legitimate reason to embed a Flash object inside an Excel worksheet, but probably not, and if that's going over the wire you probably want your network security technology flagging it.
So, in the case of APT, the government wants to ship classified signatures to private companies so that they can start looking for evidence of network intrusions that the government is seeing somewhere. This is a borderline investigative process, and the insight comes from when they start seeing the same stuff happening on a couple of networks, or even different pieces of the puzzle. When the signature fires on a network, this is the specific information that everyone in the world who cares about security wants to make it easier to share. They want to take and share packet captures really quickly and do the whole "I see this happening, what'd you see? OK, I saw this." It's hard to understate how important this is.
However, like I said, the nature of IPS signatures is that they do fire on legitimate network traffic sometimes. So, let's say I was sending a legit email with a Flash object embedded in an Excel spreadsheet, and it was going across a network that had one of those classified government signatures that was looking for specifically that type of behavior. That's something the company is then going to forward along, even though it's my private communication and I haven't done anything wrong. It's the necessary evil.
However, where this all gets really questionable is around what the government can write network IPS signatures for. They could write signatures looking for certain types of plaintext communication, put it under the banner of cyber security, and then just run around with a public surveillance operation.
Obviously no one wants that, but you should understand that the intent of this bill is not reprehensible in the same ways other recent cyber legislation has been (SOPA).
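The false-positive problem the post describes (a content signature keyed on "Flash object inside an Excel file" that fires on a hostile attachment and on a legitimate spreadsheet alike) as an added worked example in Python. This is not code from the original post or from any real IPS: the two signatures, their SIDs (1000001, 1000002), the `inspect`/`triage` helpers and the three sample payloads are all constructed for illustration. Only the OLE2 and SWF magic bytes are real file-format constants.

```python
"""
Toy network IPS content-signature matcher (added example, not from the original post).

Two constructed signatures run over three constructed payloads:
  - sid 1000001: an OLE2 (legacy .xls) container that carries a Flash (SWF) header
  - sid 1000002: a run of 32+ x86 NOP bytes (0x90), a crude shellcode heuristic
The legitimate spreadsheet with an embedded Flash chart trips sid 1000001 just
like the hostile one does: the signature sees structure, not intent.
"""
import re
from typing import Dict, List, Optional

# Real file magics: OLE2 compound document header and SWF signature bytes.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
# SWF starts with FWS (uncompressed), CWS (zlib) or ZWS (LZMA), then a version byte.
SWF_HEADER = re.compile(rb"(?:FWS|CWS|ZWS)[\x01-\x40]")
NOP_SLED = re.compile(rb"\x90{32,}")


def sig_swf_in_ole2(payload: bytes) -> Optional[int]:
    """Fire when an OLE2 container has an SWF header anywhere after its own header."""
    if not payload.startswith(OLE2_MAGIC):
        return None
    m = SWF_HEADER.search(payload, len(OLE2_MAGIC))
    return m.start() if m else None


def sig_nop_sled(payload: bytes) -> Optional[int]:
    """Fire on a long run of 0x90 anywhere in the payload."""
    m = NOP_SLED.search(payload)
    return m.start() if m else None


# (sid, message, matcher) -- SIDs are made up for this example.
SIGNATURES: List[tuple] = [
    (1000001, "OLE2 (Excel) container with embedded Flash object", sig_swf_in_ole2),
    (1000002, "Possible x86 NOP sled in payload", sig_nop_sled),
]


def inspect(flow_id: str, payload: bytes) -> List[Dict]:
    """Run every signature; return one alert per hit, with the bytes an analyst would be sent."""
    alerts = []
    for sid, msg, matcher in SIGNATURES:
        offset = matcher(payload)
        if offset is not None:
            alerts.append({
                "flow": flow_id,
                "sid": sid,
                "msg": msg,
                "offset": offset,
                # This context slice is what gets forwarded when the signature fires,
                # whether or not the traffic was actually hostile.
                "context": payload[max(0, offset - 8): offset + 24],
            })
    return alerts


def ole2_with_stream(stream: bytes) -> bytes:
    """Constructed stand-in for a legacy Excel file: OLE2 header, a 512-byte block, one stream."""
    return OLE2_MAGIC + bytes(504) + stream + bytes(64)


# Constructed sample payloads (not real captures).
HOSTILE_XLS = ole2_with_stream(
    b"FWS\x0a" + (1200).to_bytes(4, "little") + b"\x90" * 40 + b"\xcc" * 8
)
LEGIT_XLS = ole2_with_stream(
    b"CWS\x0a" + (300).to_bytes(4, "little") + b"\x78\x9c" + bytes(200)  # zlib body stand-in
)
PLAIN_XLS = ole2_with_stream(b"Workbook\x00" + b"\x01" * 100)


def triage() -> Dict[str, List[int]]:
    """Map each flow to the SIDs that fired on it."""
    flows = {"hostile": HOSTILE_XLS, "legit": LEGIT_XLS, "plain": PLAIN_XLS}
    return {name: [a["sid"] for a in inspect(name, data)] for name, data in flows.items()}


if __name__ == "__main__":
    for name, sids in triage().items():
        print(f"{name:8s} -> {sids or 'no alerts'}")
```

The hostile file trips both signatures, the plain workbook trips neither, and the legitimate spreadsheet with an embedded Flash chart trips the Flash-in-Excel signature exactly like the hostile one: the matcher cannot tell the two apart, so the `context` bytes from the legitimate flow would be forwarded too, which is the point made above about private traffic getting swept up.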