Cyber-security: To the barricades - How America and Europe are trying to bolster their cyber-defences
Arvamus 18 Feb 2013  EWR
    Trüki   E-post   FB     
The Economist, via JBANC
WITHIN a week of each other, both the European Commission and the White House have set out a series of new rules designed to stem the rising tide of cyber-attacks against public and private victims. The most dangerous of these are aimed at what is termed critical national infrastructure. The targets may be physical (such as electricity grids) or virtual, such as the computer networks used by the financial system.

Alongside his state-of-the-union message on February 11th, Barack Obama released an executive order intended to plug the gap left by the failure of Congress to pass cyber-security legislation that matches the growing threat. “We cannot look back years from now”, he said, “and wonder why we did nothing in the face of real threats to our security and economy.” The president’s frustration stems from the fate of two stillborn measures. One is the Cyber Intelligence Sharing and Protection Act, known as CISPA, passed by the House of Representatives last year, which failed to make it to a vote in the Senate (the White House threatened a veto because of worries about privacy). The other is the Cybersecurity Act, which was supported by the administration but fell victim to a Republican filibuster in the Senate.

Though all sides agree about the seriousness of the threat, America’s partisan divide hampers agreement even in cyber-security. Most Republicans emphasise national security and information-sharing, but want to avoid imposing burdensome government-set security standards on private firms. Democrats worry less about regulatory overkill, but are fearful of anything resembling a snooper’s charter that would allow the state to pry into data held by internet firms on individuals.

Mr Obama’s executive order focuses on sharing information about threats between government agencies and the private sector. This will usually be unclassified, but could potentially include classified material if the attacks are on operators of infrastructure “so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on the nation’s security, economy, health or safety”.

Civil-liberties lobbies are relieved that—contrary to what was envisaged in CISPA—the flow of data is, for the time being, just one-way. Private-sector firms are not obliged to release information about their clients. Nor, if they do so, will they have the immunity from prosecution that CISPA would have given them. A “cyber-security framework” which sets out the relationship between the government and vital-infrastructure operators will be established within 240 days of the order. CISPA was due to return to the House on February 14th. But without further amendment on privacy matters it is likely to stall again.

By contrast, the European Commission’s cyber-security strategy is at an earlier stage. It wants member countries to introduce laws compelling important firms in industries such as transport, telecoms, finance and online infrastructure to disclose details of any attack they suffer to a national authority, known as a CERT (Computer Emergency Response Team). Each CERT will be responsible for defending vital infrastructure-providers against online attacks and sharing information with its counterparts, law-enforcement agencies and data-protection bodies.

What neither the European nor American measures deal with directly is the shortage of cyber-security specialists. A gloomy review of the British government’s strategy by the National Audit Office, a spending watchdog, said the skills gap could take 20 years to bridge. Schools tend to lack suitable courses, and able specialists may have acquired criminal records during past lives as hackers.

One attempt to solve the problem takes the form of public competitions to find talented outsiders. On February 9th in central London, under the admiring eyes of industry specialists, spooks and other officials, four teams of hackers were trying to breach (dummy) missile-control software in the hope of reaching the final of Britain’s Cybersecurity Challenge. Last year the task, also successfully accomplished, was to blow up a nuclear power station.

Posted at JBANC's blog: http://jbanc.org/?page=blog&v=...

Source: http://www.economist.com/news/...
 
    Trüki   E-post   FB     
18 Aug 2017 02:36
Oleks nagu tehtud kõik, ent tühivastused käibivad nii nagu ennegi. -Ametikirjavahetuse meelespea.
17 Aug 2017 18:37
Eerik-Niiles Kross: metsavendade sõda kestab edasi (1)
17 Aug 2017 15:51
Terrorirünnak Hispaanias PM
17 Aug 2017 15:44
Maailmapilt: MAAILMAPILT. Fred Kraav ERR Arhiiv
17 Aug 2017 15:15
Ottawa - Black Ribbon Day 2017
17 Aug 2017 10:01
Trump: monumentide eemaldamine on rumalus (2)
17 Aug 2017 09:34
Stockholmi politsei keeldub 11 päeva kestnud afgaani noorte meeleavaldust laiali löömast (2)
17 Aug 2017 07:46
Niinistö: Kui Eesti ja Venemaa vahel algab sõda, puhkeb maailmasõda (1)
17 Aug 2017 07:42
David Vseviov 13. Metsaülikooli avaloengus: suurim nauding on võim, sest ühegi muu naudingu nimel pole külvatud nii palju hirmu (2)
17 Aug 2017 07:39
Eesti President Kaljulaid Metsaülikoolis: kui piisavalt hästi valmistume, siis see hoiab riskid ka tegelikult madalamana
16 Aug 2017 12:05
Toit, mida Briti kuningapere väljas süües tellida ei tohi PM
16 Aug 2017 11:57
Trad. Attack! Wednesday, August 16, 2017 8:30 PM
16 Aug 2017 09:45
Uus pusletükk? Franklini Arktika-ekspeditsiooni hukule leiti veel üks võimalik põhjus DELFI
16 Aug 2017 08:18
Galerii ja video: USA ründelennukid maandusid esmakordselt Kuressaare lennuväljal PM
15 Aug 2017 18:59
Eestlanna võitleb USAs raske haigusega
15 Aug 2017 10:52
Londoni börs nõudis sõna otseses mõttes ohvri
15 Aug 2017 05:02
"Eesti Hääl" juuli 2017 Inglismaa
13 Aug 2017 21:59
Asepresident Mike Pence’i topeltmäng Postimees (1)
SÜNDMUSED LÄHIAJAL
Aug 19 2017 - Muskokas
Kotkajärve Metsaülikool
Aug 20 2017 - Muskokas
Kotkajärve Metsaülikool
Aug 21 2017 - Muskokas
Kotkajärve Metsaülikool
Aug 22 2017 - Muskokas
Kotkajärve Metsaülikool
Aug 23 2017 - Muskokas
Kotkajärve Metsaülikool
Aug 24 2017 - Muskokas
Kotkajärve Metsaülikool
Aug 25 2017 - Muskokas
Kotkajärve Metsaülikool
Aug 26 2017 - Muskokas
Kotkajärve Metsaülikool

Vaata veel ...

Lisa uus sündmus