Category Archives: cybersecurity

Cyber Security – How to encourage non-compliance

Why should employees or students dare to point out deficiencies in security on college campuses when the administration may react by terminating the discoverers instead of those responsible for the original violation of policy (i.e., leaving files with ID out in the open)?

A student journalist at Western Oregon University was reprimanded, and the newspaper adviser was fired, after publishing an article showing the institution had not secured sensitive, private information about some applicants.


Filed under cybersecurity

Security Breaches — Whither policy can reduce?

This post by the Post needs unpacking…

A data breach last year at Princeton, N.J., payment processor Heartland Payment Systems may have led to the theft of more than 100 million credit and debit card accounts, the company said today.

The Heartland disclosure follows a year of similar breach disclosures at several major U.S. cards processors. On December 23, RBS Worldpay, a subsidiary of Citizens Financial Group Inc., said a breach of its payment systems may have affected more than 1.5 million people.

In March 2008, Hannaford Brothers Co. disclosed that a breach of its payment systems — also aided by malicious software — compromised at least 4.2 million credit and debit card accounts.

In early 2007, TJX Companies Inc., the parent of retailers Marshalls and TJ Maxx said a number of breaches over a three-year period exposed more than 45 million credit and debit card numbers.

In 2005, a breach at payment card processor CardSystems Solutions jeopardized roughly 40 million credit and debit card accounts.


Filed under cybersecurity

Cybersecurity – Market Failure or Public Values Failure or both?

The Center for Strategic and International Studies is delivering a report, “Securing CyberSpace for the 44th President,” which notes, among other things:

“We believe that cyberspace cannot be secured without regulation,”

The report, which offers guidance to the Obama administration, is a strong indictment of government and private industry efforts to secure cyberspace to date. “The laissez-faire approach to cyber-security has failed,” Mr. Kellermann said.

So the commission concludes that the market has failed to secure cyberspace. It has also concluded that current government policy has failed to secure cyberspace.

In the intro, the report reads:

We advocate a new approach to regulation that avoids both prescriptive mandates, which could add unnecessary costs and stifle innovation, and overreliance on market forces, which are ill-equipped to meet public safety and national security requirements.

So, we have reasons why the market fails with regard to cybersecurity.

Not surprisingly, DHS is defending itself against the Commission’s criticism of how cybersecurity has been managed.

“To be fair, we are undertaking something not unlike the Manhattan Project,” Keehner said. “Billions of dollars are going into this effort. We’re the first to admit there is more work to be done, but the progress that we have made should not be discounted.”

For further reading, see the presentations made at the CSIS event called “Improving Cybersecurity: Recommendations from Private Sector Experts.”


Filed under cybersecurity, Market Failure, Policy