This post might seem a bit US-centric, but the issues are not specific to the US; they are global.
One I find especially important was the view that, “We need legislation that protects individual privacy and civil liberties, which are so essential to making the United States a free and open society.” I totally agree. Privacy and civil liberties are by many accounts eroding in the US and their protection is essential. Any cybersecurity legislation needs to directly address privacy protection. Without it, the legislation could potentially make the security landscape even worse than it is today.
He also noted the need for greater cybersecurity and strong cyber defenses. This has been the focus of this blog, Learning Tree Course 468, System and Network Security Introduction, Learning Tree’s cybersecurity curriculum, and of course countless others in the industry. Lew commented on critical infrastructure (particularly the financial industry) and stressed the importance of cybersecurity there. “Risks to the system can be found at the vendors, suppliers, and contractors that keep our financial system running. They can be found within industries that underpin the markets—like telecommunications and energy. And they can be found across the physical infrastructure that supports the U.S. economy, like our transportation system and water supply.” I addressed these issues in an earlier post.
Critically, he talked about the need for information sharing. He said, “We need legislation with clear rules to encourage collaboration and provide important liability protection.” You can read more of his comments at Treasury’s press page http://www.treasury.gov/press-center/press-releases/Pages/jl2570.aspx. The important thing is that he understands that while sharing information is essential, it can lead to liability issues. He did go on to say, however, that such legislation should not provide “immunity for reckless, negligent or harmful behavior.” I completely agree. There is a huge difference between being the victim of a cybercrime that exploits a previously unknown software bug and being reckless.
I am greatly encouraged by Secretary Lew’s words. I strongly hope that they are more than words and that they lead to action on the part of financial institutions, critical infrastructure companies, and legislators. All three of these issues (privacy, infrastructure protection and information sharing) need to be part of any successful cybersecurity legislation.
Do you agree? What more do you want to see? Let us know in the comments below.
To your safe computing,