Cybersecurity and the Internet Economy

Orome1 writes "Global online transactions are currently estimated by industry analysts at $10 trillion annually. As Internet business grows, so has the threat of cybersecurity attacks. The U.S. Department of Commerce today released a report that proposes voluntary codes of conduct to strengthen the cybersecurity of companies that increasingly rely on the Internet to do business, but are not part of the critical infrastructure sector. Commerce Secretary Gary Locke said: 'By increasing the adoption of standards and best practices, we are working with the private sector to promote innovation and business growth, while at the same time better protecting companies and consumers from hackers and cyber theft.'"
  • by Anonymous Coward

    And, about time! I can see this working out for businesses that comply, because it's a note of confidence to those that do business w/ said business, and good "P.R. image" too! Sort of like Sarbanes Oxley, &/or ISO standards, but imo, this is more effective (especially for online commerce).

    Thoughts?

    APK

    P.S.=> This could also work out for more IT related employment, for us "geeks/nerds" out there as well... bonus!

    ... apk

    • by mlts ( 1038732 ) *

      Sarbanes Oxley compliance != security.

      SOX has made SAN makers rich due to having to store E-mail for a long amount of time (50 years if you have anything to do with aerospace).

      It also has pushed out F/OSS solutions because without "due diligence" (which means products need FIPS certifications, Common Criteria, yadda, yadda, pretty tags that require a lot of money to pay an independent testing lab to get approved), people might see prison time.

      That is if the law is enforced... AFAIK, HIPAA was enforced once.

      • It also has pushed out F/OSS solutions because without "due diligence" (which means products need FIPS certifications, Common Criteria, yadda, yadda, pretty tags that require a lot of money to pay an independent testing lab to get approved), people might see prison time.

        Except that there are free software systems that have FIPS and CC certifications -- RHEL certainly comes to mind (no surprises there, considering who their customers are).

      • PCI-DSS.

        It already renders this action late and irrelevant.

        And the compliance it mandates is - for the better part - excellent, prescriptive security configuration advice.

  • by xMrFishx ( 1956084 ) on Wednesday June 08, 2011 @03:19PM (#36379734)
    Report PDF here [nist.gov].
    • It also only contains the word "cyber" 351 times in a 67 page report. That's still 350 occurrences too many, though I feel.
      • cyber Cyber CYBER!!
      • by Anonymous Coward

        Try copypasting the PDF to cybercybercyber.txt, and then running:
        cat cybercybercyber.txt | tr 'A-Z' 'a-z' | tr '\n\r' ' ' | grep -o 'cyber...[^ ]*[a-z]' | sort | uniq -c | sort -rn

        The top cyberbuzzwords are:
        227 cybersecurity
        15 cyberinsurance
        14 cyberspace
        10 cyber attacks

        The article uses the following very annoying, and rather stupid phrases/words:

        cyber attack,
        cyber breach
        cyber crime,
        cyber defense,
        cyber economics,
        cyber ecosystem,
        cyber hygiene
        cyber incidents,
        cyber insurance,
        cyber insurers
        cyber intrusion

  • Commerce Secretary Gary Locke said: 'By increasing the adoption of standards and best practices, we are working with the private sector to promote innovation and business growth, while at the same time better protecting companies and consumers from [INSERT SUBJECT HERE]'."

  • Interesting definition of voluntary. Once you wade through 22 pages of fluff, you find (in the middle of the page numbered 12):

    "These voluntary codes of conduct, developed through multi-stakeholder processes.. Once these codes have been developed to and companies have committed to follow them, relevant law enforcement agencies, such as Federal Trade Commission (FTC) and State Attorneys General, could enforce them, .."
    [Next page]
    "The FTC's role in challenging both deceptive and unfair acts or practices in th

    • Dweller: I've done a lot of research in this area. Some time ago I was exploring the idea of using laws and financial incentives to coerce or "force" developers/companies to implement best practices and canvassed a few hundred firms to get their take. The overwhelming response was that they didn't think it was a good idea, some thought it would drive them out of business, stifle competition, etc. Then I came across the full green paper from Dept of Comm. before reading this on /. In light of what happene
      • I just find it a bit hypocritical to say voluntary when they intend to use force.

        We have a mess. The right laws may help, but, the wrong ones will make it a lot worse.

        Personally, I think the government's best contribution would be to provide central coordination. Here's two examples:

        1) They could provide a central clearinghouse for attack information. My institution is attacked hundreds of times a day. Thousands if you count the Confickers. Every day we collect lists of attacking computers. Just by ourselve
