Cyberlaw discussion/Day 2: Difference between revisions

From Cyberlaw: Internet Points of Control Course Wiki

Revision as of 10:15, 3 January 2008

  • Add your first question here!
    • And a response

Randy Picker, Cyber Security: Of Heterogeneity and Autarky

Paul Ohm, The Myth of the Superuser

I guess someone needs to break the ice, so I'll venture out.

Although Ohm takes good aim at the hype and misinformation that routinely is associated with assessments of cyber vulnerabilities or threats, that doesn't make those trying to make reasonable efforts to address the problem mere fearmongers. One of the problems Ohm points out, correctly, is the lack of hard data about attacks or damage incurred. A good portion of that is a collectively self-inflicted wound, since there is a chronic unwillingness to report. The head of CERT/CC (Computer Emergency Response Team - Coordinating Committee) estimated in 2005 that as much as 80 percent of cyber intrusions in the private sector go unreported (ref: GAO 05-434 Critical Infrastructure Protection - DHS Faces Challenges in Fulfilling Cybersecurity Responsibilities, p. 13). Reasons not to report abound: reputational risk, loss of competitive advantage, loss of public confidence, liability concerns, confidentiality agreements, and potential effect on the bottom line of stock value.

This reluctance to share detailed data also limits the ability of the current public-private information sharing mechanisms (Critical Private Sector ISACs - Information Sharing and Analysis Centers or the government's US-CERT) to accurately assess the level of threat or undertake sustained, coherent corrective measures.

For an updated assessment of cyber threat impact, see the Sep 2007 Business Roundtable Report titled "Growing Business Dependence on the Internet: New Risks Require CEO Action." [http://www.businessroundtable.org//publications/publication.aspx?qs=2B26BF807822B0F19D54F80] They cite a World Economic Forum estimate of a 10 to 20 percent probability of a breakdown of the critical information infrastructure in the next 10 years. The WEF study estimates the global economic cost at approximately $250 billion, one of the largest cost estimates of the risks examined in its report. Tseiver 09:15, 3 January 2008 (EST)

David Banisar, Save the Net, Sue a Software Maker