Slashdot Mirror
White House Tackling the Economics of Cybersecurity
GovTechGuy writes "White House Cybersecurity czar Howard Schmidt will be hosting a meeting Wednesday with the Secretaries of DHS and Commerce in which he is expected to discuss the administration's new attempt to change the economic incentives surrounding cybersecurity. Right now, launching attacks on private companies is so cheap and relatively risk-free that there's almost no way that industry can win. The White House could be considering things like tax incentives, liability and insurance breaks, and other steps to try and get companies to invest in protecting their networks. It's also likely to dovetail with a step up in enforcement, so hackers be wary."
I mean, an insurance company won't insure your house if you don't put a lock on the door, so why should anyone care for cyber-security if a company doesn't take any measures to protect itself?
If you've got a network worthy of necessary security, it's not that hard to set up a linux firewall between your router and your gateway.
The major targets of hackers these days are financial in nature: account numbers or systems authorized to perform wire transfers.
The real solution to security is not to give companies more incentive to secure their information, but to give hackers less incentive to hack. Make a standard, PKI-based, government-regulated solution for financial transactions. Require that all transactions be digitally signed by smart cards, for example. Ensure that someone possessing your account numbers or even your passwords could not use them to transfer money from your account.
It sounds like they are going after the wrong incentives right now...
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Anything with the word cyber in it is automatically bullshit as far as I'm concerned, so lets dig a little deeper. Who is coming to this meeting?
Among those invited is Larry Clinton, president of the Internet Security Alliance, which represents a range of critical private security industries concerned about cybersecurity.
Ah, the Internet Security Alliance. And who do they represent? No major software or hardware companies are listed. (Symantec doesn't count) Funny enough, I see companies like Raytheon, Boeing, and Lockheed Martin. I'm just speculating (you know, this being /. and all), but something tells me the good ol' boys of the defense industry are trying to get another gravy train started up here.
E pluribus unum
Require banks to pay for every single breach that is their fault. Right now, it's the merchants who get screwed. If someone walks into one of the retail outlets I consult for with a fake ID, matching fake credit card, and walks out with the merchandise, 9 times out of 10 there is some obscure rule that wasn't followed that will allow the cardholder to get their money back, and the bank to get their money back, leaving the merchant with the option to take cash only or take the hit and continue doing business. "Cybercrime" -- or as I like to call it, 21st Century Crime -- only gets worse from here.
This is free market capitalism at it's finest, where the costs always find their way to the entity with enough money to pay the bill, but not enough to fight the system that forces them to pay. Unfortunately, the government not giving two shits about small businesses has been old news for some time. Hopefully people are going to wise up and realize that you don't do away with the government, just the lobbyists and corporate revolving door that is currently ruining it.