My Issues With CyberSecurity Legislation – No Teeth, Paper Audits, and Security Auditors

The biggest issue I have with the CyberSecurity legislation that is being put forth in Congress lately is three-fold:

1. It has no teeth. It's just more policy with no accountability or meaningful penalties for non-compliance.

2. It consists of paper audits — more of the same ineffective audits.

3. The auditors wouldn't be CyberSecurity experts. This last one is insane.

This nation's critical infrastructure (power grid, water supply, oil & gas refineries, etc.) is run and managed by IT systems and software applications. These systems and applications weren't built with security in mind and can only be tested and measured by IT security tools in the hands of experts. Beyond our critical infrastructure, we also have thousands of IT systems and software applications managing sensitive data — military secrets, privacy information, our wired and wireless communication systems, and more. Many of these systems are built and managed by large government system integrators.

Until we have IT-based policy, coupled with IT-based controls, automated monitoring, and real penalties for non-compliance (which means financial penalties), we will continue to fail when it comes to CyberSecurity protection. And we are failing, make no mistake about that. 2011 had more publicly reported data breaches than any year prior. Having spent 10 years working for various government agencies before moving to the private sector, I can tell you that the only difference between 2011 and prior years is the "public" part of these breaches — they have been happening for years to government agencies, systems integrators, and the private sector, but most weren't reported publicly.

Representative Jim Langevin of Rhode Island introduced a cybersecurity bill to Congress last March. There are four major features I like about this bill:

1. It would give DHS the authority to compel private companies deemed part of the critical infrastructure to comply with federal security standards.

2. The standards are based on the recommendations of cyber experts with first-hand knowledge of the reality of the challenges facing each industry.