"We will provide critical infrastructure owners and operators the timely access to actionable cybersecurity information necessary to protect their own networks and facilities," says one of bill's chief sponsors, Rep. Dan Lungren.
U.S. and Estonian authorities have broken up one of the largest Internet crime schemes that allegedly netted $14 million in fraudulent advertising fees and infected 4 million computers in 100 countries.
RSA Chief Executive Art Coviello challenged a widespread belief that cybersecurity awareness could curb cyberthreats: "There's no amount of consumer education to make them smart enough to resist attacks. They're just too sophisticated."
Intelligence expert Terry Roberts says cyber intelligence, a new approach to IT security, could make significant gains in the coming year. "The good thing is, this isn't really rocket science," says the chair of the Intelligence and National Security Alliance's Cyber Council.
Creating a culture of security within an organization may be on CISOs' wish lists, but it's often hard to educate and spread that message, says Justin Somaini, chief information security officer at Yahoo.
Yahoo's Justin Somaini believes his fellow CISOs in business and government do a good job keeping their bosses informed of proper information security practices, but could do better in educating the rank and file about them.
"The action and manifestation of risk is not necessarily evident to today's users in the way it was in the past, and that creates a big inherent challenge for a CISO," says Malcolm Harkins, CISO at Intel Corp.
Eddie Schwartz didn't shy away from the offer to become RSA's first chief security officer after the security firm experienced a sophisticated advanced-persistent-threat breach. Instead, Schwartz embraced the hack as the reason to take the job. (See RSA to Get Its First Chief Security Officer.)