
SoylentNews is people

posted by cmn32480 on Thursday October 29 2015, @03:21PM
from the need-a-penalty-box dept.

Bruce Schneier's blog talks about the recent hack of CIA director John O. Brennan's AOL account (among others) and says when it comes to social engineering attacks:

The problem is a system that makes this possible, and companies that don't care because they don't suffer the losses. It's a classic market failure, and government intervention is how we have to fix the problem.

It's only when the costs of insecurity exceed the costs of doing it right that companies will invest properly in our security. Companies need to be responsible for the personal information they store about us. They need to secure it better, and they need to suffer penalties if they improperly release it. This means regulatory security standards.

Schneier goes on to suggest the government should establish minimum standards for results and let the market figure out the best way to do it. He also partly blames consumers because they demand any security solutions be easy to use, ending with:

It doesn't have to be this way. We should demand better and more usable security from the companies we do business with and whose services we use online. But because we don't have any real visibility into those companies' security, we should demand our government start regulating the security of these companies as a matter of public safety.

Related: WikiLeaks Publishes CIA Chief's Personal Info



 
  • (Score: 2, Informative) by bradley13 on Thursday October 29 2015, @05:52PM

    by bradley13 (3053) on Thursday October 29 2015, @05:52PM (#256131)

    He assumes that government regulation actually works. In fact, all this would accomplish is to establish another bureaucracy that funds itself at the expense of the businesses it regulated. Another hurdle making market entry impossible for small competitors, because only the big companies can afford the compliance process. Note: the process - a small company might be perfectly secure - it's paying the fees and filling in the ever-changing forms that is such a burden to small companies.

    An example from a different field: my wife's company deals with alcohol. She has to run an entirely separate accounting system, denominated in alcohol, to keep track of exactly how many liters she imports and where it all goes. Her duty-free storage is regularly inspected - while the inspectors are friendly enough, they have all the time in the world, and think nothing of spending hours and hours here, time that she has to be at their beck and call instead of working. The customs documents, the alcohol taxes, it goes on, and on, and on. A big company could just hire a herd of clerks to deal with it. For a tiny company, it takes up a huge portion of the owner's time, reducing the time she could spend building the business and competing with the big companies. And for what, really?

    Government regulations, however well-intended, lead to job security for bureaucrats, plus cronyism and anti-competitive behavior. It rarely solves the problem it is actually meant to address.

    --
    Everyone is somebody else's weirdo.
  • (Score: 1, Interesting) by Anonymous Coward on Thursday October 29 2015, @07:14PM

    by Anonymous Coward on Thursday October 29 2015, @07:14PM (#256174)

    it's paying the fees and filling in the ever-changing forms that is such a burden to small companies.

    And none of that is a requirement or has anything to do with regulation. Really all the regulations need to do is set minimum standards for security and then employ pen-testers to randomly target large companies to see if they fit the standard. Anyone who gets penetrated faces a fine. As this requires hiring new government employees instead of privatizing everything, I understand it counts as "Big Gubbermint™", but not privatizing and having it done by actual government employees is the only way to keep costs down (the "golden hammers/toilets" crap is specifically about privatization, only private contractors rack up those kinds of costs, milking their contracts for all they're worth and sucking the government dry), ensure the standards are actually adhered to, and has less chance of the pen-testing crew stealing info to sell themselves.

  • (Score: 1, Funny) by Anonymous Coward on Thursday October 29 2015, @09:02PM

    by Anonymous Coward on Thursday October 29 2015, @09:02PM (#256236)

    This is what I came here to post.

    Set minimum standards? Gub'mint regulation?

    Bruce Schneier is obviously a Marxist. He's a stooge for Obammy yo mammy and the rest of those tax and steal big gub'mint scum.

    Let the market decide. If you don't have any money, you don't need to worry. But that's okay, because if you don't have any money, you're not a job creator, and thus don't deserve to live.

    If you deserve to live, then you can afford to make things secure. If not, who cares?

    What the hell is wrong with all of you? Don't you realize that you're being lied to and stolen from by the evil gub'mint? They want power. They take our money and soon they're coming for our guns!

    The best gub'mint is one that knows when to back off. Our job creators know what's best for the country. That's how they got the money. That's why Trump will be the next president! He's gonna make sure that we can get back to business.

    What is all this bullshit with minimum wages? Medicare? Social Security? It's all just communistic wealth redistribution. That means stealing from the ones who deserve it and giving to the ones who are too stupid to be rich. And if you're that stupid, you definitely don't deserve to live.