My Concerns With CyberSecurity Legislation – No Teeth, Paper Audits, and Security Auditors

The biggest problem I have with the CyberSecurity legislation that is being put forth in Congress as of late is three-fold:

1. It has no teeth. It’s just more policy with no accountability or significant penalties for non-compliance.

2. It consists of paper audits — more of the same ineffective audits.

3. The auditors wouldn’t be CyberSecurity experts. This last one is insane.

This nation’s critical infrastructure (power grid, water supply, oil & gas refineries, etc.) is run and managed by IT systems and software applications. These systems and applications weren’t built with security in mind and can only be tested and measured by IT security tools in the hands of experts. Beyond our critical infrastructure, we also have thousands of IT systems and software applications managing sensitive data — military secrets, privacy information, our wired and wireless communication systems, and more. Many of these systems are built and managed by large government system integrators.

Until we have IT-based policy, coupled with IT-based controls, automated monitoring, and real penalties for non-compliance (which means financial), we will continue to fail when it comes to CyberSecurity protection. And we’re failing, make no mistake about that. 2011 had more publicly reported data breaches than any year prior. Having spent 10 years working for various government agencies before moving to the private sector, I can tell you that the only difference between 2011 and prior years is the “public” part of these breaches — they have been happening for years to government agencies, systems integrators, and the private sector, but most weren’t reported publicly.

Representative Jim Langevin of Rhode Island introduced a cybersecurity bill to Congress last March. There are 4 major features I like about this bill:

1. It would give DHS the authority to compel private companies deemed part of the critical infrastructure to comply with federal security standards.

2. The standards are based on the recommendations of cyber experts with first-hand knowledge of the reality of the challenges facing each industry.
