Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Breach as a Critical Infrastructure & Computer Security Issue Peter P. Swire Professor, The Ohio State University Senior Fellow, Center for American.

Similar presentations


Presentation on theme: "Data Breach as a Critical Infrastructure & Computer Security Issue Peter P. Swire Professor, The Ohio State University Senior Fellow, Center for American."— Presentation transcript:

1 Data Breach as a Critical Infrastructure & Computer Security Issue Peter P. Swire Professor, The Ohio State University Senior Fellow, Center for American Progress Senate Banking Briefing July 9, 2007

2 Overview Theme: data breach legislation is crucial for protecting critical infrastructure & promoting computer security Harm is to national and homeland security if have weak security & more breaches Is an important reason not to lower trigger from current practice We should also create incentives for improved security going forward

3 Critical Infrastructure Protection 90% of critical infrastructure in private sector We have had lots of obstacles to CIP – Turnover at DHS – Refusal to set any CIP standards for the private sector The practices that prevent breach tighten overall security, and protect critical infrastructure

4 Computer Security Security is a cost center in companies – Hard to get budget & do needed upgrades If a breach & no disclosure – Direct harm is to outsiders, whose personal information is lost – Little or no harm to the company – Classic externality – harms go outside, and thus under-protect

5 GLB Safeguards Enough? I dont think so, even for banking sector Is a good first step Once plan is in place, tendency to sit on the shelf – Weve done that & dont update effectively

6 Data Breach as Key Protection No tort damages, so disclosure is the main incentive to improve security D.B. as key driver for budget & management attention to computer security – Fear of reputation loss once disclose – Avoid costs of sending notice – Management wants to do it right once attention forced onto the breach

7 What To Do - 1 Dont weaken critical infrastructure and computer security If trigger is too low, then the ecosystem is harmed – Weaker overall national and computer security Plus, recent evidence of stolen identity credentials as growing funding source for organized crime and international terrorism

8 What To Do - 2 My article, at ssrn.com/abstract= – Report to security database if incident is significant but less than notice trigger – Creates the information we need for security research – More efficient prevention & response over time S. 496, Sec. 316 is good – it does this – It has database with Secret Service – other agency?

9 What To Do - 3 Hold hearings to confirm these security realities Legislative findings in preamble to show that security is a goal In sum, dont create harm to computer, homeland, and national security by weakening current protections

10 Contact Information Phone: (240) Web:


Download ppt "Data Breach as a Critical Infrastructure & Computer Security Issue Peter P. Swire Professor, The Ohio State University Senior Fellow, Center for American."

Similar presentations


Ads by Google