tarekma7

Can we legislate for transparency to improve cybersecurity?

Quote: It’s widely accepted that greater transparency is necessary if we’re to have a safer and more secure software ecosystem. The SolarWinds hack underlined this fact: the full extent of the hack took so long to emerge not only because of the clandestine nature of the attack, but also because the organizations affected didn’t share information about what had happened and when. But how can we tackle this? According to Brad Smith, the Microsoft President and Chief Legal Officer, the answer lies in legislation.

At a congressional hearing in response to the SolarWinds attack, Smith said that “silence reigns” when private companies are hacked. “We need to replace this silence with a clear, consistent obligation for private sector organizations to disclose when they’re impacted by confirmed significant incidents,” he argued.
It isn’t that surprising to hear Microsoft call for more legislation: laws lead to standardization, and standardization will almost always help the largest players in the market. Indeed, Smith didn’t even hide this fact. As The Register noted, Smith “argued that the size and scope of the hack meant that it was more important than ever that everyone move their computing to the cloud.”

However, while Smith clearly has a vested interest, that doesn’t mean he’s wrong. Legislation might not stop cyberattacks from happening, but it can, at least, help the industry to have a more honest conversation about it.

This isn’t just about pointing the finger at companies that make mistakes. A climate of shame and blame is the last thing we need; it will make the tech industry a cagey and unpleasant place to be (some might say it already is), and in particular it will make life more difficult for the people who need to be trusted and empowered — security professionals.

It’s really about recognising that in today’s highly connected economy (and software landscape), no company is an island. As SolarWinds proved, the opportunities that the SaaS and PaaS markets provide the industry also connect and link it together, making organizations vulnerable to similar threats and the same issues of resilience and reliability.

Continue reading HERE