Damage from cyberattacks comes in layers. Direct harm, in the form of theft and other losses. Damage to the reputation of the companies affected when news gets out. And the slow erosion of confidence in overall online security—a malaise that grows worse with each new breach.
How do we limit the damage and, more important, restore confidence in online security? That is a question that bedevils policy makers as much as it does network analysts and computer scientists.
Requiring companies to report when they’ve been attacked and to share details about how it was done might help strengthen cyberdefenses for everyone. But it can also complicate the process of trying to keep systems secure, and injure the companies’ reputations in the meantime. Conversely, allowing breached companies to work on solutions in secret may fix problems quickly and prevent reputational harm. But keeping attacks secret may also increase the danger for others.
Making the case for required disclosure is Denise Zheng, deputy director and senior fellow in the Strategic Technologies Program at the Center for Strategic and International Studies. Andrea Castillo, program manager in the Technology Policy Program at George Mason University’s Mercatus Center, argues against such a mandate. For the full article click here
from cyber security caucus http://ift.tt/25bdLfV
via IFTTT
No comments:
Post a Comment