Education & Training

Services & Support



{{search ? 'Close':'Search'}}

CA Technologies Addresses U.S. Congress on Cybersecurity Act of 2015

NEW YORK, June 15, 2016 — Mordecai Rosen, senior vice president and general manager for the cybersecurity business at CA Technologies (NASDAQ: CA), joined industry representatives to testify before the U.S. House Homeland Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies. Rosen assessed implementation of the Cybersecurity Act of 2015, offered recommendations to help bolster participation in cyber threat information sharing programs, and highlighted new cybersecurity challenges facing the government and commercial sectors.

“Identity has become the attack vector of choice for cyber criminals. It is the single unifying control point in the application economy, critical to accessing all apps, devices, data and users,” said Rosen. “The Cybersecurity Act of 2015 includes guidance that addresses the need for identity protection, multi factor authentication, and least-privilege access controls to better protect the critical systems and infrastructure of our nation and our industries.”

Three core questions around the Act’s information sharing authorization relate to the timeliness and security of the information, and the liability protections afforded to participating organizations.

“To effectively thwart attacks, organizations will need to know that the information they receive through this program will be timely, accessible and actionable,” Rosen said. “Just as important as the timeliness, they will need to know that the shared information is secure. Trust is vital to the success of this program, and industry needs to know that the participants in the program are authenticated and that the data they share and receive is legitimate.

“Finally, further clarification is desired around the liability protections for sharing information with other private sector organizations and the automated removal of personally identifiable information,” Rosen added.

Rosen also outlined three recommendations related to specific provisions within the Cybersecurity Act of 2015:

  • Liability protection. “Cybersecurity information sharing is based on trust, and this trust needs to be underpinned by a strong understanding and certainty for participating companies that they have targeted liability protection for the data they share or receive. We encourage the DHS to actively engage with industry and legal groups to help them better understand the information sharing program, the responsibilities of participating organizations, and the liability protections that will be afforded participants.”
  • Preserving privacy. “The Cybersecurity Act of 2015 requires organizations and government to remove personally identifiable information (PII) of individuals not related to the threat from any threat information shared. The global IT industry is sensitive to issues of protecting privacy and enhancing trust in the solutions we deliver. Therefore, we believe the DHS and the Administration should remind constituents that the purpose of cyber threat indicator information sharing is to protect networks and not to collect information about individuals. Additionally, it’s important to help organizations understand there are tools to help them remove PII automatically, helping to lessen concerns about liability and enhance confidence in these programs. Finally, the DHS can work with sector-specific agencies to promote best-practice workshops on privacy protection, and encourage participation in the information sharing standards development process. 
  • Automated indicator sharing. “Any successful information sharing program must depend heavily on the authentication of the individuals and organizations that participate, and on the validity and integrity of the shared information. CA Technologies has been working with the DHS and other industry partners to help enable a secure, automated exchange of information across a wide range of different organizations. In support of this, we recommend that the DHS continue to leverage key outreach and partnership programs to help organizations understand the technical and procedural steps they need to take in order to participate. Finally, we recommend that the DHS and the federal government continue to promote the STIX/TAXII protocols with global standards development organizations. Cybersecurity is a global challenge; sharing threat information across borders is critical to combatting global cybercrime.”

CA Technologies is available to speak further about this topic. Please call or email the press contact below.

Press Contacts

Leanne Agurkis

CA Technologies
Phone: (386) 738 1912


CA Technologies (NASDAQ:CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business in every industry. From planning, to development, to management and security, CA is working with companies worldwide to change the way we live, transact, and communicate – across mobile, private and public cloud, distributed and mainframe environments. Learn more at


Copyright © 2016 CA, Inc. All Rights Reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Highlight – CA Technologies Blog

The world of enterprise IT is changing, fast. Keep up.

Modern Software Factory Hub

Your source for the tips, tools and insights to power your digital transformation.

Contact Us

We're here to help move your business forward.

View more ways to contact us >