Language Selection

English French German Italian Portuguese Spanish

Inaction Could Lead to Cybersecurity Law

Filed under
Web
Legal

U.S. businesses for years have urged the government to let them set computer-security standards of their own, but their inability to do so could now prompt Congress to step in, experts say.

Those who worry that regulation may stifle innovation say the business community may have already missed an opportunity to prove the government's help is not needed.

"The market is in a much better position to respond to this challenge ... but corporate America has not provided evidence across the board that they've taken this issue seriously enough to protect consumers," said Bob Dix, a lobbyist for Citadel Security Software Inc., who until last year handled cybersecurity for a congressional subcommittee.

The private sector is under scrutiny after a string of incidents at data brokers, retailers and other businesses exposed at least half a million U.S. citizens to identity theft.

The business community for years has argued that any government regulations would quickly become outdated in a rapidly changing field, and a 2003 Bush administration plan called on the private sector to set its own standards.

Working with the Homeland Security Department, an industry-led task force issued a set of guidelines in April 2004 that called for company chief executives to take direct responsibility for their computer systems.

One year later, only two companies have adopted the guidelines: Entrust Inc. and RSA Security Inc., whose chief executives co-chaired the task force.

Corporate lawyers warned that any public security promises could open the door for lawsuits in the wake of a security breach, said Entrust CEO Bill Connor.

"Clearly people would rather be risk-averse to the legal side than risk-averse to the hacking and breaching," he said.

The Department of Homeland Security is also to blame for not promoting the guidelines after they were released, Connor said. A department spokeswoman did not return a call seeking comment.

A separate effort that took place on Capitol Hill had similar results.

Continued ...

More in Tux Machines

LoRa expansion boards work with Raspberry Pi SBC and Raspberry Pi Pico board (Crowdfunding)

We’ve covered a number of LoRa solutions based on Raspberry Pi boards, and SB Components is now offering another with the LoRa HAT for Raspberry Pi equipped with an Ebyte E22 LoRa module operating in either the 433 MHz, or 868 and 915 MHz bands. The company also offers a LoRa expansion for Pico based on the same E22 module, adding a small 1.14-inch LCD for information display, and designed for the Raspberry Pi Pico board with the RP2040 dual-core Cortex-M0+ microcontroller. Read more

Programming Leftovers

Proprietary Software and Security Leftovers

  • Microsoft a big part of the cyber security problem: Proofpoint exec

    Microsoft's technology plays a big role in facilitating increasingly devastating cyber attacks, a senior official at an email security firm says, accusing the Redmond behemoth of profiting from the existence of vulnerabilities.

  • 5G now means some flights won’t be able to land when pilots can’t see the runway

    Verizon and AT&T are hoping new swaths of C-band cellular radio spectrum will help make the 5G hype closer to reality, but the big mid-band 5G rollout may have a side effect. Airplanes rely on radio altimeters to tell how high they are above the ground to safely land when pilots can’t see, and the FAA is now instructing 6,834 of them to not do that at certain airports because of 5G interference.

    The FAA ruled on Tuesday that those thousands of US planes (and some helicopters) won’t be able to use many of the guided and automatic landing systems that are designed to work in poor visibility conditions, if they’re landing at an airport where there’s deemed to be enough interference that their altimeters aren’t reliable. “Landings during periods of low visibility could be limited due to concerns that the 5G signal could interfere with the accuracy of an airplane’s radio altimeter, without other mitigations in place,” an FAA spokesman tells The Verge.

  • Open source cloud native security analyzer Terrascan embeds security into native DevOps tooling - Help Net Security

    Tenable enhanced Terrascan, an open source cloud native security analyzer that helps developers secure Infrastructure as Code (IaC). The new capabilities enable organizations to embed security into their DevOps tooling, pipelines and supply chains, mitigating risks before infrastructure is provisioned.

  • Google Disrupts Botnet Targeting Windows Machines

    The company has also launched litigation against the Glupteba botnet, marking the first lawsuit against a blockchain-enabled botnet.

  • Pay a Hacker, Save a Life

Zorin OS 16 Lite Edition is Finally Here

Zorin OS 16 Lite brings all the goodness of Zorin OS 16 with an Xfce desktop environment. Let us take a look at it here. Read more