Go to Appearance > Menu to set "Primary Menu"

Bringing you the latest in Gigabit Networks, broadband usage, wireless and more

Tag archive

Personal Data Privacy and Security Act

Senate Subcommittee Evaluates Administration’s Cybersecurity Legislation Proposals

in Congress/Cybersecurity/Senate by

WASHINGTON, June 22, 2011 – The Senate Subcommittee on Crime and Terrorism evaluated the Obama administration’s cyber security legislation proposal with respect to its own proposed cyber security proposals during a hearing Tuesday.

Subcommittee members discussed with executive branch representatives the elements of the administration’s proposals to improve cyber security and individual privacy. Among the topics of the hearing were national data breach standards, the voluntary information sharing proposal and the recommendations for increased criminal penalties against cyber crime committed against critical infrastructure and racketeering.

Executive branch witnesses agreed that updated legislation is needed to meet the administration’s Federal cyber security goals of improving cyber security for Americans, the nation’s critical infrastructure, and the federal government’s own networks and computers.

The audacity of major attacks mounted in May and June by hacker groups has increased pressure on officials to develop adequate policies and legislation that will combat cyber threats from organized crime groups, hacktivists, and foreign governments.

Hacktivist groups – hacker groups with political motivations, such as Anonymous and Lulz Security (or LulzSec) – have gained notoriety in recent weeks after claiming credit for the recent major cyber attacks on Sony, Epsilon, Lockheed Martin, Citibank, Google, government emails, and CIA.gov. Most recently, LulzSec released a statement declaring war on private corporations and government agencies.

Sen. Patrick Leahy (D-VT), Chairman of the Senate Committee on the Judiciary, reintroduced the Personal Data Privacy and Security Act in early June. Leahy, who commented in his opening statement on the need for the protections contained in his bill, plans to include the bill on the Committee’s agenda in the coming weeks.

“We simply cannot wait to act on comprehensive cyber security legislation,” said Leahy, “But, we must proceed in a way that is respectful of our privacy rights and civil liberties.”

Chairman of the subcommittee Sen. Sheldon Whitehouse (D-RI) echoed similar sentiments during the hearing.

“I’m worried about the extent of the threat we are facing now and the amount of time that it will take to implement the administrations proposals,” said Whitehouse.

Rep. Jim Langevin (D-RI), who testified as a witness before the Senate subcommittee, commented on the educational efforts in his home state to prepare high school students to enter the cyber security workforce.

Langevin also voiced optimism regarding the Administration’s proposals to encourage private companies to share voluntarily cyber threat information with the Department of Homeland Security.

“This effort, if handled carefully and appropriately, could greatly enhance privacy by stopping malicious intrusions or large data theft efforts, and it is already under consideration by other partner countries as a way to provide a clearer picture of the health of the Internet,” said Langevin.

Commerce Dept. Recommends Public-Private Partnership on Cybersecurity

in Cybersecurity/International by

WASHINGTON, June 9, 2011 – The Department of Commerce released its Cybersecurity, Innovation and the Internet Economy green paper on Wednesday, advising cooperation between the government and private sector to implement ways to address cybersecurity issues.

The Internet Policy Taskforce, a department-wide group created in April 2010, wrote the green paper with the goal of addressing the pressing issues surrounding cyber security.

Global online transactions have grown annually and currently account for $10 trillion in global trade. There has also been an increase in malware; between January 2009 and December 2010 the number of malware attacks doubled. In 2010, there were 55,000 new viruses, worms, and spyware threats.

“Our economy depends on the ability of companies to provide trusted, secure services online. As new cybersecurity threats evolve, it’s critical that we develop policies that better protect businesses and their customers to ensure the Internet remains an engine for economic growth,” said Commerce Secretary Gary Locke in a statement.

The green paper suggests that the government should support the creation of national code of conduct to deal with cybersecurity vulnerabilities. The new code of conduct should be created through a public-private collaboration rather than governmental edict. In addition to a code of conduct, the government hopes that industry will develop a set of standards which can be universally adopted.

“By increasing the adoption of standards and best practices, we are working with the private sector to promote innovation and business growth, while at the same time better protecting companies and consumers from hackers and cyber theft,” said Locke.

To protect consumers and business from the economic damages sustained by cyber-attack, the green paper suggestions the creation of cyber insurance. According to the paper, the market for cyber insurance would range from $450-500 million. Before any cyber insurance product is created however, industry must first determine how best to evaluate the costs of cyber-attacks.

In order to expand knowledge on potential cyber-attacks and vulnerabilities the report recommends the establishment of a National Initiative for Cybersecurity Education that would coordinate and fund research.

In addition to educating the business community about cyber-attacks and threats, the report recommends the addition of cyber protection to current digital literacy programs.

To further knowledge of cyber threats, the green paper recommends that the U.S. expand international collaboration: “The fact that cybersecurity is not defined by national borders and that the United States cannot afford to ignore global consideration…..The importance of engaging with our international partners early and often on matters related to standards development and policies is an essential starting place.”

In order to protect consumers, the report asks Congress to create a law that creates a framework for the notification of customers when electronic records have been breached. This recommendation is very similar to legislation currently proposed by Sen. Patrick Leahy (D-VT), the Personal Data Privacy and Security Act. Leahy’s bill would establish a national standard for the notification to consumers by corporations when data breaches occur.

The full green paper can be found here.

 

Leahy Introduces Data Security Bill

in Congress/Cybersecurity/Senate by

WASHINGTON June 8, 2011 – Sen. Patrick Leahy (D-VT), Chairman of the Senate Judiciary Committee, re-introduced a bill Tuesday that would establish a national standard for the notification to consumers by corporations when data breaches occur.

Sen. Chuck Schumer (D-NY) and Sen. Ben Cardin (D-MD) cosponsored the Personal Data Privacy and Security Act, a reiteration of bills by the same name that have failed in each of the three previous Congresses.

“The many recent and troubling data breaches in the private sector and in our government are clear evidence that developing a comprehensive national strategy to protect data privacy and security is one of the most challenging and important issues facing our country,” said Leahy through a statement Tuesday. “Protecting privacy rights is of critical importance to all of us”

The bill would criminalize concealing data breaches that could result in economic damages to consumers and increase penalties under the Computer Fraud and Abuse Act. The bills also makes hacking or attempting to hack a computer a criminal offense and private firms would be required to establish and maintain data privacy and security protocols.

Over the last month, Sony’s Playstation network has faced numerous attacks that resulted in the theft of personal information of more than 77 million users. Early this week Nintendo also suffered from a cyber-attack but the company says that no personal data was stolen.

“According to the Privacy Rights Clearinghouse, more than 533 million records have been involved in data security breaches since 2005,” said Leahy in a statement about the bill.

The government would be required under the new measure to ensure the security of sensitive data is protected when it works with outside contractors. The General Services Administration would also be required to evaluate how contractors use and protect consumer data when authorizing contractors.

“When Sen. Leahy first introduced this bill in 2005, there were 22 states with data breach notification laws on the books. That regulatory patchwork was already causing confusion for consumers and unnecessary compliance burdens for companies. Now, almost all states have breach laws.” said Business Software Alliance President and CEO Robert Holleyman.  “BSA urges Congress to pass data security and breach notification legislation this session to create a single, national standard to replace the unwieldy state patchwork we have today.”

Go to Top