During lunch at ISSA-LA’s Security Summit IV event here at the Universal City Hilton, we heard a talk from Bruce W. McConnell, senior counselor for cybersecurity at the U.S. Department of Homeland Security. And while I can’t speak for the other attendees, I walked away with more questions than answers.

I’m particularly puzzled by what he said — and didn’t say — about cybersecurity legislation pending in Congress. He spoke of the Obama Administration working with Congress on cybersecurity legislation. He joked about Congress’ perceived inability to push through a federal cybersecurity law to supplant all those state data security laws we’ve been living with in recent years. He admitted that one of the challenges is for the public and private sectors to clarify the role government must play in this dangerous new world.

Then he said things that puzzled me further. One item was a suggestion that government isn’t out to invade citizens’ privacy and how, after all, wiretapping is illegal. Then he noted the challenges of the U.S. reaching a better consensus with Europe on how best to proceed. “Europe is very concerned about data privacy,” he said. “Europe wants more power for individuals to control their own privacy.” He said that like it’s a bad thing.

Perhaps I’m being too hard on the man. He is, after all, doing his job — to communicate where the government stands. And, to his credit, he admitted that the right balance between privacy and security is still in flux. “The challenge is threading the needle between privacy and security” is how he put it.

But I have heard many valid concerns about the latest attempt at legislating cybersecurity — the Cyber Intelligence Sharing and Protection Act (CISPA). A lot of smart people in the security community worry the bill as currently written will allow the government to overreach and dip deep into our privacy in the name of information sharing and attack prevention, as was the case with the PATRIOT Act following 9-11.
McConnell didn’t address those concerns. As the Q&A portion of the program commenced, I resolved to ask about CISPA after a few more people got to ask questions. But the clock ran out before I got my chance. That’s OK, though. I doubt he would have answered the question anyway.

That’s the problem with government today. There’s a growing sense that citizens’ questions need not be answered directly; that the average citizen is too far removed to know what they’re asking about. There’s also the sense that rubbing away our privacy is an acceptable action in the pursuit of security. In that environment, we have to keep the pointed questions coming and pile on until the government feels too much pressure to avoid the straight answers any longer.

I do have hope. The people did succeed in derailing SOPA-PIPA, after all.