US Homeland Security boss wants nationwide law for reporting network break-ins
Jeh Johnson, Head of the Department of Homeland Security (DHS) stated at the top of his wish list was a nation-wide data breach reporting law: this law would replace the hodgepodge of individual state laws, and would require organizations to report computer security attacks to the US government. It would also bring in tougher penalties for criminal hackers.
“Key to cyber-security is information sharing,” he said. “It’s key even among the most sophisticated actors – you can’t be out there alone, and should partner with the federal government.”
Johnson also stated minimizing the success of cyber-attacks starts with education. Many sophisticated attacks begin when an employee clicks on a link or attachment in an email.
He also pointed out that going with larger firms for security systems is not always in the best interest of cost and efficiency. Smaller can be leaner firms with better products.
Attacks are always going to happen, but the key to minimizing the impact is sharing information about attacks, smart planning, the best tools, and a little bit of resilience.
Currently, most state data breach laws only require reporting if sensitive personally identifiable information is compromised. If the head of DHS has his way this will not only require reporting all attacks, but also impose penalties for not reporting. While the data breaches hitting the headlines are major many do not see the ones that are not being reported or are small and do not make the news. Following President Obama’s recent cyber security bill, its very likely this may get pushed through as well. Meaning all organization will need to tighten up their security posture.