Cybersecurity Law 2012?

[Epee1]

What do all of you tech gurus think about this?

http://www.pcmag.com/article2/0,2817,2401225,00.asp?kc=PCRSS03079TX1K0000585

[0kult13]

Money making scheme, sounds about right. bet are the people pushing this has ties to the consultancy firms. More reason to base your online stuff in iran or china  ;D

[Bayonet_Chris]

I buy this to a certain extent. The cybersecurity policies of many companies, especially the older "legacy" companies with more antique infrastructures (in IT speak, we're talking about the 90s, early 2000s), are very vulnerable. I've worked defense and healthcare and seen decent policies and bad policies, but very few really good ones. Obviously, you need to balance security with customer impact and flexibility to get things done within your environment.

With some of the things I've seen (mostly third parties, etc.) I can't fathom how these vendors are still in business. There needs to be basic, accepted standards on how to secure your infrastructure. Most of them are so open, it's really more about someone halfway competent knowing what to do instead of some super hacker.

I'm in healthcare IT right now, and we have to make sure our products meet new security standards around PHI (protected health information) and PII (personally identifiable information). If DHS has identified specific industries that, if compromised, are a threat to security, then it probably needs to be addressed. Hell, even making some of these companies update their general security policy with regard to passwords would be an improvement.

I think the intent behind the bill is good. Implementation is always where these things can go awry. Cybersecurity is a complex topic and these companies would have to hire consultants regardless if they wanted to address any deficiencies.

[LongBlade]

At the risk of derailing this thread, I believe more important than the legislation itself is the recognition that:

Cybersecurity is all about compliance. You create an intricate system based on a huge document and now you need to hire experts who have actually read these laws. Make these experts compliance officers and they now have to work with a compliance agency to comply with whatever is in the law. It stinks.

For those of you who haven't been watching the Hillsdale College lectures on the Constitution, the above situation is exactly how they describe our current form of government: technocrats who write and rule on the law, largely bypassing the judicial and executive (or in the case of regulations issued by branches of the executive, the same thing under their wing).

Regardless of the (in)effectiveness of the law, it seems to confirm that the system is broken.

That is all. Carry on.

[MIGMaster]

One thing I've taken away from the whole cyber-security thing, both here in Canada and the US, is that the politicians advancing some of these policies are so technicall illiterate that the policy would never have any hope of being relevant, let alone useful.

Vic Toews, a Canadian politician, was fine with issuing a bill that would allow for more in-depth internet "spying" on Canadians, but when details of his divorce were leaked online as a reprisal for wanting to violate the privacy of others it became just how ill-prepared he was to even understand the issue he was trying to tackle.

Maybe George Bush Jr. could help us by explaining the "Internets."  ;)

[LongBlade]

I don't think anyone disputes the need to periodically update our laws to keep pace with evolving technology.

But similar to the health "care" law that was recently passed in the US, we shouldn't have to pass the law to find out what's in it, and it certainly shouldn't be so technically complex that only experts can read it.

Simple, clear laws with simple, clear intent are best.

[MIGMaster]

Simple, clear laws with simple, clear intent are best

Such heresy ! After working in gov't for 20+ years these concepts are totally foreign to me !  ???

[LongBlade]

Heh.

[son_of_montfort]

I can't agree with Hillsdale. If anything our Congress is NOT "technocrats." I'm with MIG, they are some of the most technically illiterate people on the planet.

Laws like this may have good intent, but after the whole SOPA and PIPA issue, I don't trust Congress on anything internet or computer related.

[LongBlade]

I can't agree with Hillsdale. If anything our Congress is NOT "technocrats."

Not Congress - the bureaucracy. Who writes most of those laws? The lobbyists and the technocrats. That's why they're unintelligible to all but themselves.

[son_of_montfort]

I can't agree with Hillsdale. If anything our Congress is NOT "technocrats."

Not Congress - the bureaucracy. Who writes most of those laws? The lobbyists and the technocrats. That's why they're unintelligible to all but themselves.

Are you saying technical writers, like Gus, are ruining our country? I think you are saying Gus is ruining our country. In fact, I'm pretty sure.

And I agree. Gus ruins everything good.

[Bayonet_Chris]

I can't agree with Hillsdale. If anything our Congress is NOT "technocrats." I'm with MIG, they are some of the most technically illiterate people on the planet.

Laws like this may have good intent, but after the whole SOPA and PIPA issue, I don't trust Congress on anything internet or computer related.

That's the truth.