This briefing highlights the importance of data breach legislation for protecting critical infrastructure and promoting computer security. It emphasizes the need for strong security practices and incentives for improved security. The briefing also discusses the challenges faced in critical infrastructure protection and the impact of weak security on national and homeland security. Additionally, it suggests actions to prevent data breaches and enhance security measures.
Data Breach as a Critical Infrastructure & Computer Security Issue
Peter P. Swire
Professor, The Ohio State University
Senior Fellow, Center for American Progress
Senate Banking Briefing
July 9, 2007
Overview
• Theme: data breach legislation is crucial for protecting critical infrastructure & promoting computer security
• The “harm” is to national and homeland security if we have weak security & more breaches
• This is an important reason not to lower the trigger from current practice
• We should also create incentives for improved security going forward

Critical Infrastructure Protection
• 90% of critical infrastructure is in the private sector
• We have had lots of obstacles to CIP
  • Turnover at DHS
  • Refusal to set any CIP standards for the private sector
• The practices that prevent breach tighten overall security, and protect critical infrastructure

Computer Security
• Security is a cost center in companies
  • Hard to get budget & do needed upgrades
• If there is a breach & no disclosure
  • Direct harm is to outsiders, whose personal information is lost
  • Little or no harm to the company
• Classic externality – harms go outside the company, and thus it under-protects

GLB Safeguards Enough?
• I don’t think so, even for the banking sector
• It is a good first step
• Once a plan is in place, there is a tendency for it to sit on the shelf
  • “We’ve done that” & don’t update effectively

Data Breach as Key Protection
• No tort damages, so disclosure is the main incentive to improve security
• Data breach (D.B.) as the key driver for budget & management attention to computer security
  • Fear of reputation loss once disclosed
  • Avoid costs of sending notice
  • Management wants to “do it right” once attention is forced onto the breach

What To Do - 1
• Don’t weaken critical infrastructure and computer security
• If the trigger is too low, then the ecosystem is “harmed”
  • Weaker overall national and computer security
• Plus, recent evidence of stolen identity credentials as a growing funding source for organized crime and international terrorism

What To Do - 2
• My article, at ssrn.com/abstract=842228
• Report to a security database if an incident is significant but below the notice trigger
  • Creates the information we need for security research
  • More efficient prevention & response over time
• S. 496, Sec. 316 is good – it does this
  • It places the database with the Secret Service – other agency?

What To Do - 3
• Hold hearings to confirm these security realities
• Legislative findings in the preamble to show that security is a goal
• In sum, don’t create “harm” to computer, homeland, and national security by weakening current protections
Contact Information
• Phone: (240) 994-4142
• Email: peter@peterswire.net
• Web: www.peterswire.net