Cyber attacks occur every day around the world. Some are trivial and some are very dangerous. The United States is particularly vulnerable and needs better cybersecurity, enforced by law.
Last week Norway announced that Congress had been attacked by China. On the same day, the US government announced that the US pipeline had been compromised for 10 years by an attack from China. The day before, a group of Western nations accused China of a massive attack on users of Microsoft software.
The United States was joined by the European Union, NATO, the United Kingdom, Canada, Australia and Japan. Secretary of State Antony Blinken said: “The United States and countries around the world hold the People’s Republic of China responsible for patterns of irresponsible, destructive and volatile behavior in cyberspace. Security.”
However, no sanctions or measures have been announced. Officials said China allowed Chinese criminal groups to participate in attacks, in a pattern similar to Russia’s tolerance of criminal ransomware attacks from Russian territory.
China and Russia may be the main culprits, but hostile hackers also work from Iran and North Korea. This represents a widespread vulnerability in many Western information systems.
Due to the open nature of the Internet, this type of hacking may not end. As President Joe Biden proposed to Russian President Vladimir Putin last month, the counter-threat of attacking critical infrastructure in problematic countries could act to thwart the most dangerous attacks. However, this model has not yet been widely adopted and has not been proven to work.
In short, the United States needs to take significantly improved measures to reduce the success of attacks on governments and industries.
Despite industry resistance to government cybersecurity standards for more than a decade, Congress is finally beginning to address the clear need. However, there are still serious hurdles.
One problem is that companies don’t have to notify the government when they are attacked. This makes it difficult for governments to respond to these attacks. There is also a related issue: many companies are unaware that they have been attacked and only discover it through third parties. Legislation is needed to address this issue.
The second issue is responsibility, or risk sharing. Courts have upheld software licenses that bar lawsuits for damages resulting from defective software. Legislation is needed to resolve the one-sided nature of such contracts, which place all of the risk on software users.
A bill requiring prompt reporting is pending in Congress, but it wrongly provides the reporting company with full immunity. If the reporting company is a software maker, it does not make sense to provide an exemption from lawsuits seeking damages. Companies that use the software should be allowed to hold the software manufacturer legally liable for defects that allow hackers to access the software. An exception can occur if a software company discovers the flaw itself and provides the customer with a patch that fails to install. The key issue here is requiring software manufacturers to bear a significant portion of the risk of cyberattacks.
With one change in legal liability law, software makers will find that they have to do a better job of creating more secure software. Many major types of software in use today are not secure at any speed. That needs to change. Congress needs to listen to the many people who have been badly hurt by cyber attacks, not to a few people trying to take responsibility.
Editorial: Congress Needs to Improve Cyber Security | Editorial