Ed Felten: California Must Lead On Cybersecurity

An anonymous reader writes In a Sacramento Bee op-ed, (in)famous computer security researcher Ed Felten responds to the State of the Union cybersecurity proposal. He doesn't mince words: "The odds of clearing Congress: low. The odds of materially improving security: even lower. "What he suggests as an alternative, though, is a surprise. "California," he writes, "could blaze a trail for effective cybersecurity policy." He calls for the state government to protect critical infrastructure and sensitive data, relying on outside auditors and experts. It's an interesting idea. Even if it doesn't go anywhere, at least it's some fresh thinking in this area of backward policy. From Felten's essay: Critical infrastructure increasingly relies on industrial automation systems. And those systems are often vulnerable – they keep a default password, for instance, or are accessible from the public Internet. These are not subtle or sophisticated errors. Fixing them requires basic due diligence, not rocket science. Requiring the state’s critical infrastructure providers to undergo regular security audits would be straightforward and inexpensive – especially relative to the enormous risks. Areas of sensitive data are also low-hanging cyber fruit. In health care, education and finance, California already imposes security and privacy requirements that go beyond federal law. Those legal mandates, though, are mostly enforced through after-the-fact penalties. Much like critical infrastructure, sectors that rely upon sensitive data would benefit from periodic outside auditing. Of any state government's, California's policies also have the chance to help (or harm) the most people: nearly 39 million people, according to a 2014 U.S. Census estimate.

Re:facepalm

[fred911]

Why would you say something like that? Whereas, I don't have high confidence in any governmental organization to ratify legislation that works well with tech matters, California has lead the way for many in the past that are now national standards.

  Off the top of my head, there was a time where you could buy a new car without a catalytic converter, and without any emission standard requirements in every state besides California. Same thing can be said about safety equipment or specification (bumper heights, crash standards). Currently, all the requirements that had to be met for California are nationally required.

  I expect we will see the same adoption nationally for small motorized and two-stroke motors in the future. Also, the Junior College system that CA has had since (at least) 1978 (sans tuition for residents) recently had national mention.

  All in all, although many protest and resist change, it seems that California legislators are more intuitive than most and they seem to have lead the nation on many other models aside from the aforementioned.