Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Government Privacy United States Politics Your Rights Online

Ed Felten: California Must Lead On Cybersecurity 80

An anonymous reader writes In a Sacramento Bee op-ed, (in)famous computer security researcher Ed Felten responds to the State of the Union cybersecurity proposal. He doesn't mince words: "The odds of clearing Congress: low. The odds of materially improving security: even lower. "What he suggests as an alternative, though, is a surprise. "California," he writes, "could blaze a trail for effective cybersecurity policy." He calls for the state government to protect critical infrastructure and sensitive data, relying on outside auditors and experts. It's an interesting idea. Even if it doesn't go anywhere, at least it's some fresh thinking in this area of backward policy. From Felten's essay: Critical infrastructure increasingly relies on industrial automation systems. And those systems are often vulnerable – they keep a default password, for instance, or are accessible from the public Internet. These are not subtle or sophisticated errors. Fixing them requires basic due diligence, not rocket science. Requiring the state’s critical infrastructure providers to undergo regular security audits would be straightforward and inexpensive – especially relative to the enormous risks. Areas of sensitive data are also low-hanging cyber fruit. In health care, education and finance, California already imposes security and privacy requirements that go beyond federal law. Those legal mandates, though, are mostly enforced through after-the-fact penalties. Much like critical infrastructure, sectors that rely upon sensitive data would benefit from periodic outside auditing. Of any state government's, California's policies also have the chance to help (or harm) the most people: nearly 39 million people, according to a 2014 U.S. Census estimate.
This discussion has been archived. No new comments can be posted.

Ed Felten: California Must Lead On Cybersecurity

Comments Filter:
  • I've worked in banking were we were audited by multiple government entities, our private auditors and auditors from our thousands of customers.

    Security audits are only worthwhile if the company being audited is actually serious about security in the first place. In over a decade of such audits I don't think the audits ever found anything that we didn't already know.

    During this time we aquired multiple other companies, all of who had passed security audits, and the quality of their security had very little r

    • by fred911 ( 83970 )

      "Security audits are only worthwhile if the company being audited is actually serious about security in the first place".

      I guess what matters is who holds the 'purse strings". When I observe a non-compliant issue and report it to my client, most of the time my client calls for a secondary audit. It's rare to see the same issue on the secondary. The audits I've done where I observe the same non-compliance are rarely retained by my clients.

      My clients hold the "purse strings" and will accept an

  • by slashmydots ( 2189826 ) on Sunday January 25, 2015 @08:07PM (#48901423)
    NOTHING is going to happen in California. Their budget is a joke. They have a double digit sales tax rate and the biggest deficit out of every state. They have the stupidest, most intrusive laws that negatively impact every other state. Their politics are almost as corrupt as Illinois. They don't do a thing about illegal immigrants and they're tipping the economy over and causing a massive crime problems. They also have a drug problem. California is the model of how you don't run a state.

    And they're supposed to get tough on cyber security?
    • Re: (Score:2, Funny)

      by hax4bux ( 209237 )

      No need to get all lathered up and angry! Relax! Clean your guns, watch some NASCAR and enjoy some BBQ pork rinds.

      California won't come to you, I think you will be safe in whatever flat spot you park that single wide trailer in.

      And be sure to tell your neighbors and coworkers how lucky they are to not be in California!

      • Many, many people are moving from California to Texas, often following companies who are either moving their headquarters or like Apple, who is moving their new development to Texas. They come here because this is where the jobs are, and the cost of living is so much lower. The same person might make two to three times as much real income after accounting for cost of living.

        They come to Texas because Texas has jobs, Texas has affordable housing, Texas has a road system that works, unlike California gridl

        • Do you think that will last if the price of oil stays down? Serious question, not an argument. I don't know the answer.
          • 23 years ago, my mother moved to Austin because that's where she found a nice job with a tech company, Dell, and a nice house for about $120k. Since then, gas has gone to about $4, gone back up and down. The Texas economy has done well throughout. This is the point where someone will point out that the Texas economy wasn't as good 30 years ago (when Democrat Ann Richards was governor).

            Shale oil has been good to Texas in the last three years, but again we've been doing well much longer than that, and tech

            • by khallow ( 566160 )

              My honest assessment is as I hinted above - business is coming to Texas FROM the states that are making pot legal, increasing regulations, etc - liberal states. That suggests to me that while smoking pot might be fun, and these liberal policies may have some benefits, they are bad for an economy - bad for jobs. I get it - I used to be a member of NORML. So I understand that point of view - I wrote some of the literature they read. It just hasn't worked well for the jobs and cost of living situation.

              Hasn't worked well compared to what? People are far less productive jobwise, when they're rotting in jail for committing a victimless crime like possession of marijuana than if they were casual marijuana users working some job within their abilities. And it costs a lot more to store those people in jail than it does to ignore their activities except in cases where they're doing something negligent, like operating heavy machinery while impaired.

              And this War on Drugs (like marijuana), has resulted in the s

              • > As a result, we have to expect and accept that people will on occasion act in ways that we don't like and perhaps even contrary to their own well-being.

                Perhaps that's applicable. There are enough gray areas to that question that we could go on for hundreds of pages discussing it. We'd never all agree, because it's a philosophical question, no a factual question. It's rather a different topic, though. What we're discussing here is jobs and the economy in Texas. In other words, as I said in the post you

                • by khallow ( 566160 )

                  Perhaps that's applicable.

                  It is applicable. There's no "perhaps" to it. In a mostly free world people will act in ways that we won't approve of.

                  What we're discussing here is jobs and the economy in Texas.

                  And I get you think that legalized marijuana smoking is somehow worse economically than the current state of affairs with its destruction of people and the rule of law.

                  Similarly, maybe you think that "regulating" your employer to bankruptcy is more "fair".

                  OR MAYBE YOU DO. You're the one glossing over the destruction of a person's life just because they smoke or possess weed. Putting people out of business merely because they smoke something you don't approve of is pretty damned

                  • > You're the one glossing over the destruction of a person's life just because they smoke or possess weed.

                    The morality of drug laws is not the topic of discussion in this thread. As I keep telling you:
                    What we're discussing here is jobs and the economy in Texas.

                    > And I get you think that legalized marijuana smoking is somehow worse economically than the current state of affairs with its destruction of people and the rule of law.

                    There's no "think" about it, the fact is that the economy in Colorado, Cali

                    • by khallow ( 566160 )
                      Ok, if we're going to argue some sort of prohibition on the basis of economics, what is your economics argument for it? I'll point out that the discrepancy between California and Texas is far, far greater than merely whether they allow people to smoke marijuana (something which California actually theoretically doesn't allow either BTW with a "medical marijuana" exception). For example, there's this notable law [ca.gov]:

                      AB 32 requires California to reduce its GHG emissions to 1990 levels by 2020 â" a reduction of approximately 15 percent below emissions expected under a âoebusiness as usualâ scenario.

                      Pursuant to AB 32, ARB must adopt regulations to achieve the maximum technologically feasible and cost-effective GHG emission reductions. The full implementation of AB 32 will help mitigate risks associated with climate change, while improving energy efficiency, expanding the use of renewable energy resources, cleaner transportation, and reducing waste.

                      It's not hippies smoking weed which makes California gasoline a third more expensive than Texas g

                    • If you can find any of it, I think you might enjoy reading a guy from Colorado named Ray Morris. He was a big pot guy in Colorado , active with NORML in the early nineties.

                      It has become obvious that you're currently unable to grasp the concept that there can be a conversation about something other than weed ( too stoned?), so if you're in Colorado, please stay there. All we have down here is Mexican dirt weed anyway. You wouldn't like it.

                    • by khallow ( 566160 )
                      Googling around, I see that you appear to be devout Christian. Since economic and moral arguments don't seem to work, how about let's try two questions:

                      1) Has God given all of us free will?

                      2) Is it God's design that we should take away some degree of free will from others in order to help them become better people?
                    • Hmm, I wonder who or what you found that made you think that. Maybe Robert Morris? Anyway:

                      1) I don't speak for God. It seems He gave us instructions and the ability to follow them, or not. Mostly the same instructions the state Health Department gives us - don't eat improperly slaughtered meat, shellfish can be dangerous, and don't sleep around.

                      2) Jesus instructed that if a brother is doing something stupid and dangerous like fucking his neighbor's wife, tell him so. If he doesn't listen, three friends

          • In the past the oil industry was a much bigger part of the Texas economy than it is now. It's still a large part, but there is a ton of high-tech stuff all around Texas - Apple is building all of its Mac Pro units in Texas, for example...

            They also have a lot of international trade, including a major airport and shipping port too. All of that adds to economic diversity.

    • What they propose is not going to happen simply because of this:

      He calls for the state government to protect critical infrastructure and sensitive data, relying on outside auditors and experts.

      Outside auditors doing anything in CA government? We'll see that only when all else is lost, and people are starting to go to prison.

    • NOTHING is going to happen in California. Their budget is a joke. They have a double digit sales tax rate and the biggest deficit out of every state

      Perhaps you should come up to date on California's budget situation [sacbee.com]. Even if California had the biggest deficit in the past, California has the largest economy of any state, by a wide margin, making everything relating to finances bigger in California than any other state.

      California doesn't even have the highest sales tax rate. [slashdot.org]

    • They have the stupidest, most intrusive laws that negatively impact every other state.

      You are welcome to your state where a lack of laws allows employers to restrict your opportunities to change jobs. Yeah, welcome to your overlords who use the lack employee protection to push your income down.

      • >. You are welcome to your state where a lack of laws allows employers to restrict your opportunities to change jobs. Yeah, welcome to your overlords who use the lack employee protection to push your income down.

        Yeah, it was Texas where that happened, not California, right? It was Google and Apple conspiring against employees. Nope, must have been Toyota and Texas Instruments who did that.

        The thing is, when the statehouse is deeply involved in business, those three or four businesses who purchase sta

      • I meant more like get your bullshit tags off my furniture and propane.
    • They have a double digit sales tax rate and the biggest deficit out of every state

      Correct me if I am wrong, but it is also by far the wealthiest out of every state: the deficit is not a serious problem. Look at how EU screws itself with its obsession on member state deficits, this is not a path to follow

    • by Groovus ( 537954 )

      NOTHING is going to happen in California. Their budget is a joke. They have... the biggest deficit out of every state...

      California has had a budget surplus the last two years. They expect to do so again this year.

  • You mean all those industries that off-shored their IT and Security to the cheapest bidder can't secure their systems?

    BIG FREAKING SURPRISE.

  • Really...how about Rhode Island? It's a small enough place, so it should be easier to secure.

  • by silfen ( 3720385 ) on Sunday January 25, 2015 @11:11PM (#48902049)

    A state run by a single party beholden to corporate interests and lobbyists and massively dependent on the tech industry. A state that is so incompetently run that it is teetering on the verge of bankruptcy, that its schools have dropped to the bottom, and that can't even solve its traffic gridlock. Cybersecurity legislation in California will do little more than exempt tech companies from any sort of liability and pour out massive amounts in government subsidies to big corporations for cybersecurity initiatives.

    Real cybersecurity would require massively increasing the financial liability of corporations for any breach in security that causes their customers to lose money or waste time. For example, when a data breach at Home Depot causes banks to have to reissue credit cards, banks should be financially responsible to their customers for the many hours they have to waste on dealing with new credit card numbers, and Home Depot should be financially responsible to banks for all their resulting costs. If each of these data breaches cost corporations a few billion dollars, you'd be surprised how quickly security shapes up.

    • Real cybersecurity would require massively increasing the financial liability of corporations for any breach in security that causes their customers to lose money or waste time. For example, when a data breach at Home Depot causes banks to have to reissue credit cards, banks should be financially responsible to their customers for the many hours they have to waste on dealing with new credit card numbers, and Home Depot should be financially responsible to banks for all their resulting costs. If each of these data breaches cost corporations a few billion dollars, you'd be surprised how quickly security shapes up.

      This is 100% correct, but it would also require people to be responsible for their own accounts, at least to some extent. There are some people that still use default passwords for their accounts, or easily guessable ones. And that's just the least of problems with individuals.

      The truth is, no one, not providers, not consumers, not the Government, not anyone, regards computer security for the crime-lousy potential that it holds. Because that would acknowledge some really scary truths about the way it act

      • by silfen ( 3720385 )

        This is 100% correct, but it would also require people to be responsible for their own accounts, at least to some extent. There are some people that still use default passwords for their accounts, or easily guessable ones. And that's just the least of problems with individuals.

        That isn't a problem with individuals, it's a problem with companies relying on passwords in the first place. Passwords by themselves are not secure, no matter how careful and knowledgeable the user may be in choosing them.

        The truth i

To the landlord belongs the doorknobs.

Working...