My domain was on an Ubuntu LTS server that had reached the end of the LTS, so I had to move it a couple weeks ago. I created a new virtual server at Rackspace with a newer OS.<p>Within a very short time, there were several different IP addresses from Russia trying to guess the passwords for root and several other common accounts.<p>Not too long after, Chinese IP addresses joined the party.<p>Note that this was <i>before</i> I had finished migrating my domain to the new server (the Russians showed up before I even <i>started</i> the migration). None of my DNS entries pointed to the new server yet. They probably are scanning all Rackspace IP addresses looking for new servers. I would expect that the same happens at other major server providers.<p>I don't know if CISA is the right approach or not, but we need to do <i>something</i> to defend against this stuff.<p>If CISA is not the right approach, the opponents need to start suggesting an alternative that addresses the problem better, because otherwise the pressure is going to mount to pass something, and if CISA is the only proposal available that will be the one that passes.
It is truly fascinating (and of course, terrifying) to watch governments expect, demand and enforce complete transparency and blind trust from the people, while providing absolutely none of either.
One of the reasons legal immunity is being offered is because corporations are suspicious that the data will get used to enforce regulations, bring lawsuits or otherwise be a tool of legal pressure.<p>The Government in this case is willing to make a promise (who knows how well it will be kept) not to use the information for parallel construction or explicit enforcement. In turn they get to protect the business and American industries from cyber attacks and give the data for analysis and processing for whatever national security purposes the DoD deems necessary.<p>There are industries that are already onboarded - financial and energy. CISA would expand these to other industries.