Why The Government’s New Cybersecurity Solution Is Doomed To Fail

HardOCP News

Why the government’s new cybersecurity solution is doomed to fail? Ummm, because it's the government. Duh.

Rather than focus on pushing both the government and private sector to do obvious things to make their networks more secure, it wants to pass a bill that will put even more data in the hands of agencies that aren’t themselves secure, while immunizing corporations regardless of their own preparedness.
 

erexx

They can't do the right thing from the start... no bill is going to fix it...
 

Climber

Our government is filled with morons who really don't understand technology and yet somehow they are still passing these dumbass bills.
 

Madoc

You can only call it a failure if they don't accomplish whatever goal they have... Getting ever more citizen data into the hands of government agencies... is that really a fail from the government's perspective?
 

lcpiper

Congress is about to respond to the Office of Personnel Management cyberattack with a move as ill-considered as it will be ineffective. Rather than focus on pushing both the government and private sector to do obvious things to make their networks more secure, it wants to pass a bill that will put even more data in the hands of agencies that aren’t themselves secure, while immunizing corporations regardless of their own preparedness. - See more at: http://kernelmag.dailydot.com/issue...-cybersecurity-opm-hack/#sthash.fAeTChpm.dpuf

The author is as wrong-headed as the government on this one.

This statement by the author is actually false;
ISA’s approach of offering immunity in exchange for information-sharing may lead to sloppier cybersecurity practices among corporations that aren’t otherwise pressured to improve. Since corporations will gain immunity by sharing their customers’ information, they can’t be sued for their negligence—currently one source of pressure on corporations to improve. - See more at: http://kernelmag.dailydot.com/issue...-cybersecurity-opm-hack/#sthash.fAeTChpm.dpuf

They can't be sued if they sign up under the program and submit to Government Security Scans of their systems and networks to ensure compliance with government security guidelines.

Now the author posted a wonderful image but the image is damning from her point of view while it is also encouraging from another.
[Image: Screen-Shot-2015-07-31-at-00.48.55.png]


Where the author sees poor compliance scores across several agencies, she ignores that several others have strong scores across the board meaning the Government's security guidelines are not the flaw, it's the government's ability to implement and maintain these guidelines across the full scope of the agencies that make up the government. So they know what to do, and how to do it. They just aren't so good at getting it done.

The author places too little importance on a more important aspect. That this approach will remove the pressure for industry vendors to fix security flaws in software. The government's approach to a flaw is that until there is a fix, there is nothing you can do about it. If you can't correct the problem then you just accept it until you can fix it. Without the pressure of the public being able to bring companies to the courtroom over these issues, there is no pressure to fix the broken shit.

The greatest error this author makes is in her view that this is something for the government to create a fix for. This is the author's failure. I can tell you how to fix all this. You do it by protecting the customer's/citizen's right to seek legal redress for failures. Protect the little guy's right to sue the big guy for being a cheap uncaring asshole. Strengthen it even. Tell business they can't have a damned security blankie. Tell business they better figure it out because if they don't then the little fishes are going to eat them up and make damned sure the little fishes are able to do just that. Then see how fast software developers start writing more secure code.
 