Sunday, April 25, 2010

Conclusion


The easier computer technology is to use, the greater the threats companies and governments face. In his report for 60 Minutes, Steve Kroft describes SATCOM being hacked. SATCOM is linked to this country's defense grid. Our stock markets and banking system have been robbed of over $100 million in recent years, and there has been an actual attack on a country's power grid. This country's power grid is constantly being probed. These are all critical points of interest for our government, and they are currently not being properly secured. In the future, criminals might earn their income from attacks as hired guns for smaller countries or terrorist organizations, and without some government oversight of vital industries to ensure national security, we may very well see in the near future a cyberattack that causes major disruption to a country's way of life (most likely ours).
The realization of this imminent threat should have caused governments to intervene and regulate cybercrime. For a country like the United States this will be considered taboo, but computer security may soon be looked at like an environmental concern, or like how our food and drugs are processed. We may soon have a new department that enforces security standards for industries whose services keep the country running. This would be another plus for the ever-growing security industry, because it would guarantee a demand for new security solutions and professionals to apply them. But legislation like this would be met with a lot of resistance, at least in countries where companies and people have a right to civil discourse. This would change the way many companies do business, and would open the door to a new type of lobbyist in Washington, D.C.
In the United States there have already been attempts to legislate security requirements for some industries. There are few federal cyber-security regulations, and the ones that exist focus on specific industries.
The three main cyber-security regulations are the 1996 Health Insurance Portability and Accountability Act, the 1999 Gramm-Leach-Bliley Act and the 2002 Homeland Security Act, which included the Federal Information Security Management Act (FISMA). These three regulations mandate that health care organizations, financial institutions and federal agencies protect their systems and information. For example, FISMA, which applies to every government agency, “requires the development and implementation of mandatory policies, principles, standards, and guidelines on information security.” But these regulations do not address numerous computer-related industries, such as Internet Service Providers (ISPs) and software companies. Furthermore, these regulations do not specify what cyber-security measures must be implemented and require only a “reasonable” level of security. The vague language of these regulations leaves plenty of room for interpretation. Bruce Schneier, founder of Cupertino’s Counterpane Internet Security, argues that companies will not make sufficient investments in cyber-security unless government forces them to do so. He also states that successful cyber-attacks on government systems still occur despite government efforts (Wikipedia). If the government cannot stop the attacks, how can it mandate requirements to secure the systems of the industries it wishes to regulate? In 2003 the federal government tried to improve cyber-security by assigning more resources to research and collaborating with the private sector to write standards. In 2003, President Bush’s “National Strategy to Secure Cyberspace” made the Department of Homeland Security (DHS) responsible for security recommendations and researching national solutions.
The plan calls for joint efforts between government and industry “to create an emergency response system to cyber-attacks and to reduce the nation’s vulnerability to such threats.” In 2004, Congress allocated $4.7 billion toward cyber-security and reaching the goals stated in the President’s National Strategy to Secure Cyberspace. Some industry security experts stated that President Bush’s National Strategy to Secure Cyberspace was a good first step but was still insufficient. Bruce Schneier stated that “The National Strategy to Secure Cyberspace hasn’t secured anything yet.” However, the President’s National Strategy clearly states that its purpose is to provide a framework for the owners of computer systems to improve their security, rather than having the government take over and solve the problem. Companies that participate in the collaborative efforts outlined in the strategy are not required to adopt the discovered security solutions (Wikipedia.org). Once again, this was cyber-security legislation that only suggested good practice but did not mandate it.


Kroft, Steven (2009, November). Sabotaging the System. CBSNEWS.com. Retrieved on April 23, 2010, from http://www.cbsnews.com/stories/2009/11/06/60minutes/main5555565.shtml

http://en.wikipedia.org/wiki/Cyber-security_regulation
