Why The Government’s New Cybersecurity Solution Is Doomed To Fail

HardOCP News

Why the government’s new cybersecurity solution is doomed to fail? Ummm, because it's the government. Duh.

Rather than focus on pushing both the government and private sector to do obvious things to make their networks more secure, it wants to pass a bill that will put even more data in the hands of agencies that aren’t themselves secure, while immunizing corporations regardless of their own preparedness.
 
They can't do the right thing from the start... no bill is going to fix it...
 
Our government is filled with morons who really don't understand technology and yet somehow they are still passing these dumbass bills.
 
You can only call it a failure if they don't accomplish whatever goal they have... Getting ever more citizen data into the hands of government agencies... is that really a fail from the government's perspective?
 
Congress is about to respond to the Office of Personnel Management cyberattack with a move as ill-considered as it will be ineffective. Rather than focus on pushing both the government and private sector to do obvious things to make their networks more secure, it wants to pass a bill that will put even more data in the hands of agencies that aren’t themselves secure, while immunizing corporations regardless of their own preparedness. - See more at: http://kernelmag.dailydot.com/issue...-cybersecurity-opm-hack/#sthash.fAeTChpm.dpuf

The author is as wrong-headed as the government on this one.

This statement by the author is actually false:
ISA’s approach of offering immunity in exchange for information-sharing may lead to sloppier cybersecurity practices among corporations that aren’t otherwise pressured to improve. Since corporations will gain immunity by sharing their customers’ information, they can’t be sued for their negligence—currently one source of pressure on corporations to improve. - See more at: http://kernelmag.dailydot.com/issue...-cybersecurity-opm-hack/#sthash.fAeTChpm.dpuf

They can't be sued if they sign up under the program and submit to Government Security Scans of their systems and networks to ensure compliance with government security guidelines.

Now the author posted a wonderful image but the image is damning from her point of view while it is also encouraging from another.
[Image: Screen-Shot-2015-07-31-at-00.48.55.png]

Where the author sees poor compliance scores across several agencies, she ignores that several others have strong scores across the board, meaning the Government's security guidelines are not the flaw; it's the government's ability to implement and maintain these guidelines across the full scope of the agencies that make up the government. So they know what to do, and how to do it. They just aren't so good at getting it done.

The author places too little importance on a more important aspect: that this approach will remove the pressure for industry vendors to fix security flaws in software. The government's approach to a flaw is that until there is a fix, there is nothing you can do about it. If you can't correct the problem then you just accept it until you can fix it. Without the pressure of the public being able to bring companies to the courtroom over these issues, there is no pressure to fix the broken shit.

The greatest error this author makes is in her view that this is something for the government to create a fix for. This is the author's failure. I can tell you how to fix all this. You do it by protecting the customer's/citizen's right to seek legal redress for failures. Protect the little guy's right to sue the big guy for being a cheap uncaring asshole. Strengthen it even. Tell business they can't have a damned security blankie. Tell business they better figure it out because if they don't then the little fishes are going to eat them up and make damned sure the little fishes are able to do just that. Then see how fast software developers start writing more secure code.
 