Industry News

US Homeland Security Wants Subpoena Power to Get Data from ISPs about Vulnerable Systems

The US Cybersecurity and Infrastructure Security Agency (CISA), in charge of leading national cybersecurity and infrastructure resilience programs, wants a change to federal law that would allow it to inspect systems behind ISPs and notify them to fix problems.

The Department of Homeland Security, which oversees CISA, wants to learn about vulnerable systems before they become a security problem. But it still needs to go through the local federal agency to obtain a subpoena that can be used to oblige ISPs to provide data regarding their customers. Federal agencies won’t serve a subpoena unless an investigation is ongoing.

CISA, established a year ago, is obliged by law to warn owners of vulnerable systems, particularly for public utilities and other vital infrastructure. In theory, Homeland Security is only looking to enforce its mandate, but broadening the scope and powers of the agency would raise questions regarding the intrusion of the federal government into the private sector.

If CISA’s request is approved, the agency would be able to demand any information from ISPs related to any company or private individual. The problem is that IP and MAC addresses, along with other identifying characteristics, are not an absolute indication of who’s using a particular endpoint.

According to a TechCrunch report, a proposal to this effect was already submitted to Congress. “The proposal would ensure that businesses would take action if the advisory came directly from the government. The agency is working with lawmakers to prevent any overreach or potential abuse of the authority,” explained a CISA official speaking with TechCrunch.

As it stands, federal agencies can issues subpoenas in the course of a national security investigation without going through a court. CISA’s new-found powers would be even more encompassing, and it wouldn’t be all that surprising if other law enforcement agencies make the same requests.

About the author

Silviu STAHIE

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between. He's passionate about security and the way it shapes the world, in all aspects of life. He's also a space geek, enjoying all the exciting new things the Universe has to offer.

Add Comment

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.