I hope you had a great Data Privacy Day last Saturday. I understand if you want to keep details of your celebration private. Getting people to talk about data privacy and cybersecurity is difficult, particularly when someone—Uncle Sam, maybe?—asks for details about a cyber attack on your company. Things tend to get very hush-hush at that point.

And that's where Congress is stepping in. (Cue the chorus of "uh-ohs" in the audience.)

The Senate is expected to consider legislation on cybersecurity this week. Details of the bill have not been released—it is cybersecurity, after all—but the White House and its cybersecurity coordinator Howard Schmidt are backing the bill.

The House of Representatives has already considered the legislation, and its version focuses on providing incentives for industry to share information on threats and attacks with the government.

We're not sure what form such incentives will take. Some might suggest patriotism is a good enough incentive when terrorists attack, but the board of directors of a company that has seen its data compromised might wish for something more tangible if it is now required to lay out its ineffective security strategy for government bureaucrats to judge.

Sharing information about attacks should be a goal for everyone, particularly when such information can help other targets. But balancing trust in the government and helping others—particularly competitors—is a delicate issue.

Schmidt wants both the House and the Senate to work together to develop a comprehensive package rather than pass piecemeal legislation with more holes in it than your average firewall.

In his blog post Schmidt writes: "Only providing incentives for the private sector to share more information will not, in and of itself, adequately address critical infrastructure vulnerabilities. The American people expect the federal government to work with the private sector to ensure our critical infrastructure is protected."

We've been discussing cybersecurity a great deal in this space in recent weeks. In addition to my interview with Aon Risk Solutions' Kevin Kalinich for the data privacy article, I spoke with CSC's chief security officer Bryant Tow for a podcast in which he discussed the advisory council he and CSC put together on cybersecurity.

Both gentlemen had similar thoughts on how to develop a cybersecurity plan for insurance carriers, and at its essence it involves two simple words: education and communication.

Too many companies fail to realize how vulnerable their "secure" information is and what others can teach them about such exposures. There shouldn't have to be incentives for reporting attacks, but then there shouldn't be a fear of telling the government what's going on within your private systems, either, and not many people are going to buy that line of goods.

We breathlessly await the results of this legislation and hope that education and communication are major points of whatever Congress and the White House come up with.

 
