HardOCP News
[H] News
- Joined
- Dec 31, 1969
- Messages
- 0
The President says that recent cyber attacks demonstrate the need for tougher laws on cybersecurity.
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
President Says Hacks Show Need For Cybersecurity Law
- Thread starter HardOCP News
- Start date
atp1916
[H]ard|DCoTM x1
- Joined
- Jun 18, 2004
- Messages
- 5,004
Terrorists don't follow laws last i checked.
OlIv0rIolI
Gawd
- Joined
- Dec 2, 2005
- Messages
- 634
Here we go again, another excuse for big brother
amddragonpc
[H]ard|Gawd
- Joined
- Sep 20, 2012
- Messages
- 1,996
So what's the law going to be? Ban COMPUTERS? Oh wait, I know ... TAX COMPUTER usage. That way, it's an automatic fine when these hackers use their computers illegally because they have circumvented the taxing system.
Ashbringer
Supreme [H]ardness
- Joined
- Jan 25, 2010
- Messages
- 5,522
OR! We could put stronger rules for cyber security with companies like Sony who pay nearly nothing for theirs.
infin@
Gawd
- Joined
- Oct 18, 2006
- Messages
- 812
Well, they did just pass new laws under the Safety Act which limits a businesses liability if the get hacked as long as they sign up under the Safety Act, implement Federal IA Guidance, and have their systems security scanned routinely for vulnerabilities by the Government. Which of course doesn't mean they won't get hacked, it just means they can't be sued. Now Obama suggest further reductions in liability, meaning again that we can't sue, if they share data with the government over their security breaches.
Of course the new laws aren't going to be aimed so much at punishing the hackers, the laws are aimed at making it easier and less risky for private businesses to work with the government on this stuff.
So Ashbringer you already got your wish, just not the way you think you wanted it
aShrubbery!
[H]ard|Gawd
- Joined
- Jul 28, 2007
- Messages
- 1,029
Just like Ashbringer said ...
These laws would - should? - penalize those who deal with stolen data more harshly.
Also, these laws should make it mandatory for businesses, which have access and hoard private information on individuals, to beef up their cyber-security. Case in point, Home Depot whose IT sec guys warned the executives there were serious weaknesses, yet those failed to do squat.
In essence, it could be law that is also aimed at businesses, and that would punish any inactivity on their part.
aShrubbery!
[H]ard|Gawd
- Joined
- Jul 28, 2007
- Messages
- 1,029
HEHEHE... how can businesses be coerced into taking more serious steps to protect private data, if they allow them to get away with it if they don't?
That almost sounds like a hardcore pro-business Republican.
I wonder, did the industry have a hand in the writing of these laws?
amddragonpc
[H]ard|Gawd
- Joined
- Sep 20, 2012
- Messages
- 1,996
Interesting ... so the government can scan the company computers who signed up? Wow, talk about the data mining possibilities ...
Simmonz
2[H]4U
- Joined
- May 14, 2008
- Messages
- 2,506
Well, they did just pass new laws under the Safety Act which limits a businesses liability if the get hacked as long as they sign up under the Safety Act, implement Federal IA Guidance, and have their systems security scanned routinely for vulnerabilities by the Government. Which of course doesn't mean they won't get hacked, it just means they can't be sued. Now Obama suggest further reductions in liability, meaning again that we can't sue, if they share data with the government over their security breaches.
Of course the new laws aren't going to be aimed so much at punishing the hackers, the laws are aimed at making it easier and less risky for private businesses to work with the government on this stuff.
So Ashbringer you already got your wish, just not the way you think you wanted it
I'm not shocked at all that the government chose that way to do it but it doesn't make me any less disgusted by it.
Ashbringer
Supreme [H]ardness
- Joined
- Jan 25, 2010
- Messages
- 5,522
You're better off with stronger rules for security than a law for scrutiny. Look at Lizard Squad. They're have members all over the world. It's cheaper to spend more money on better security, and enforce it with laws. Like not storing passwords in plain text files.
D
Deleted member 88227
Guest
All this law and any law for that matter is just a way to prosecute people who are caught doing it. It's not going to stop anyone from breaking the law; but allows the "Justice System" to have consequences for the ones who are caught.
atp1916
[H]ard|DCoTM x1
- Joined
- Jun 18, 2004
- Messages
- 5,004
I agree. Hacking would take a serious hit if people followed internal security policies. Even bad security policies usually protect against mundane stuff like what you mentioned.
People are always the weakest link
I agree. Hacking would take a serious hit if people followed internal security policies. Even bad security policies usually protect against mundane stuff like what you mentioned.
People are always the weakest link
Hence why people like me have jobs. But I swear, the more democracy a company has, the worse it gets to properly get an implemented computer usage policy, following of basic DO/DONT's of web usage and getting right equipment for the needed job as it boils down to two things when my IT needs come to the penny pinchers and owners of the business:
1. Is it expensive? Answer is no.
2. Do I understand what your talking about or need? Answer is no
3. Will this force me to "change" my computer habits? Answer is ALWAYS no.
Silentbob343
[H]ard|Gawd
- Joined
- Aug 2, 2004
- Messages
- 1,944
Yes, twitter and youtube should evaluate and improve their security policies. The US govt does not need to be involved.
HEHEHE... how can businesses be coerced into taking more serious steps to protect private data, if they allow them to get away with it if they don't?
That almost sounds like a hardcore pro-business Republican.
I wonder, did the industry have a hand in the writing of these laws?
The way you coerce businesses into doing what's right is by making sure customers can sue the hell out of them when they fail to do it. Instead our Government did the opposite and is planning more of the same, absolution from liability.
Well, if the Safety Act says they'll be submitting to security scans, these new laws sound like they will be forking over details reguarding breaches without civil liability, probably adds additional civil liability protections for the security scans as well.
So BTW, just curious, who should be doing these security scans under the Safety Act anyway?
NSA is the premier breaker and taker but it's a bit outside their responsibility as a DoD entity.
DoJ should really be invovled unless there is a crime, this is preventative.
FCC maybe?
aShrubbery!
[H]ard|Gawd
- Joined
- Jul 28, 2007
- Messages
- 1,029
Not as long as companies have lawmakers write legislation that shelter said corporations from 'frivolous' lawsuits, or have clauses in their corporate policies that basically void any rights any customer might think he/she has once they agree to a transaction, or ultimately corporations have legions of lawyers you have to fight against, not to mention their higher capital than yours.
Given that Home Depot was clearly at fault for the loss of CC numbers, I wonder how many people or businesses feel they'll be lucky with a lawsuit.
Obma's buddies, you know the same ones who set up the healthcare site, first time round. And tax payers will foot the bill for maximum profit!
Rgrt, I feel so sorry for all you people that went to school for IT. Now you're almost stuck in a whirlpool of idiocy.
Invent an app or something man, at least you can take blame for the failings of it by yourself, not go 'it's just my job you un-tech, fat, lazy asshole.'
spintroniX
Gawd
- Joined
- Apr 7, 2009
- Messages
- 974
Shrubery, Companies get sued all the time, class actions happen frequently and people win. What we are talking about is exactly what you claim, laws written to protect business from civil liability. And what I said was precisely right, that what Government should have done is protect our right to civil redress in the courts. You have a good question about Home Depot but I have another good question. The loss of personal info by Home Depot amounts to personal risk to their customers. Would it require a lawsuit and money settlements to redress this risk or could Home Depot make things right with people by providing protections to the people at risk. Could Home Depot provide Identity theft and Fraud protections and stand up for their customers to pay for their mistakes? Should the Government require it?
holy dogshit... we agree on something
I warned you, I'm not the government protectionist people confuse me for.
- Joined
- Aug 20, 2006
- Messages
- 13,000
Just set off an EMP in every major city. It's the only way to be sure.
This seems like the most rational solution and easiest to implement.
That (of course) means it will never happen.
Semantics
2[H]4U
- Joined
- May 18, 2010
- Messages
- 2,811
How this wasn't already law who knows.
aShrubbery!
[H]ard|Gawd
- Joined
- Jul 28, 2007
- Messages
- 1,029
In a case like HD, I am surprised CC issuers were not the ones suing since they are the one who will bear the brunt of this screw up. Money settlements issued to private individuals are inappropriate in this case, as long as they do not have to pay for any losses.
HD providing ID theft protection and monitoring was a satisfactory step.
Government should enact a law that would require such measures and then let people/corporations follow that law. Any transgressions should be dealt with by the judiciary branch. That's as far as Gov't should go.
If only we had tougher laws against suicide missions flying commercial aircraft into New York towers, we could have deterred the terrorists and prevented 9/11!
Seriously, this crap is already illegal, and you're not going to deter Islamic extremists willing to die for Allah or some teenage schmucks that are halfway across the world where you have no jurisdiction.
This sounds like far more of a power play to try and expand the powers of the federal government with the excuse of increased security but with no plausible scenario in which it proves its the solution to the problem they're describing.
Seriously, this crap is already illegal, and you're not going to deter Islamic extremists willing to die for Allah or some teenage schmucks that are halfway across the world where you have no jurisdiction.
This sounds like far more of a power play to try and expand the powers of the federal government with the excuse of increased security but with no plausible scenario in which it proves its the solution to the problem they're describing.
crusty_juggler
[H]ard|Gawd
- Joined
- Feb 11, 2014
- Messages
- 1,241
They will if we enact Cybersharia Law.
What's wrong with a two-pronged approach. A Data Breach like HDs means the company breached must provide protections to the customers at risk, but those who also suffer damages are further protected by having their CC company forced to honor any charges they failed to detect, and then the CC Company can go after HD or whoever lost the data for their reimbursement. Face it, a banking institution has a much easier time squeezing a company like HD then a class action law suite or an individual.
Of course Shrubbery, the reason HD isn't being sued should be perfectly easy to see. HD must have already got on board with the Safety Act and is protected from civil liability. All they have to do is sign up for the program, have their IT department follow government IA security guidelines, and have the Feds do security scans of their servers and networks periodically. At that point the government blesses them as having done everything within reason to protect people's data and presto, they get a great big government shield that says they can't be sued for a breach.
Now how much more effort will businesses make to push developers to fix stuff if they can't be sued for a breach?
The government in action, we would have been better off by just keeping the feds out of it, at least before we had a chance with a class action to gain some compensation for damages, now we get squat.
D
Deleted member 204526
Guest
This is about government power and jobs. That's all most laws and regulations are really about.