Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Breach as a Critical Infrastructure & Computer Security Issue Peter P. Swire Professor, The Ohio State University Senior Fellow, Center for American.

Published byLily McKenna Modified over 11 years ago

Similar presentations

Presentation on theme: "Data Breach as a Critical Infrastructure & Computer Security Issue Peter P. Swire Professor, The Ohio State University Senior Fellow, Center for American."— Presentation transcript:

1 Data Breach as a Critical Infrastructure & Computer Security Issue Peter P. Swire Professor, The Ohio State University Senior Fellow, Center for American Progress Senate Banking Briefing July 9, 2007

2 Overview Theme: data breach legislation is crucial for protecting critical infrastructure & promoting computer security Harm is to national and homeland security if have weak security & more breaches Is an important reason not to lower trigger from current practice We should also create incentives for improved security going forward

3 Critical Infrastructure Protection 90% of critical infrastructure in private sector We have had lots of obstacles to CIP – Turnover at DHS – Refusal to set any CIP standards for the private sector The practices that prevent breach tighten overall security, and protect critical infrastructure

4 Computer Security Security is a cost center in companies – Hard to get budget & do needed upgrades If a breach & no disclosure – Direct harm is to outsiders, whose personal information is lost – Little or no harm to the company – Classic externality – harms go outside, and thus under-protect

5 GLB Safeguards Enough? I dont think so, even for banking sector Is a good first step Once plan is in place, tendency to sit on the shelf – Weve done that & dont update effectively

6 Data Breach as Key Protection No tort damages, so disclosure is the main incentive to improve security D.B. as key driver for budget & management attention to computer security – Fear of reputation loss once disclose – Avoid costs of sending notice – Management wants to do it right once attention forced onto the breach

7 What To Do - 1 Dont weaken critical infrastructure and computer security If trigger is too low, then the ecosystem is harmed – Weaker overall national and computer security Plus, recent evidence of stolen identity credentials as growing funding source for organized crime and international terrorism

8 What To Do - 2 My article, at ssrn.com/abstract=842228 – Report to security database if incident is significant but less than notice trigger – Creates the information we need for security research – More efficient prevention & response over time S. 496, Sec. 316 is good – it does this – It has database with Secret Service – other agency?

9 What To Do - 3 Hold hearings to confirm these security realities Legislative findings in preamble to show that security is a goal In sum, dont create harm to computer, homeland, and national security by weakening current protections

10 Contact Information Phone: (240) 994-4142 Email: peter@peterswire.netpeter@peterswire.net Web: www.peterswire.netwww.peterswire.net

Download ppt "Data Breach as a Critical Infrastructure & Computer Security Issue Peter P. Swire Professor, The Ohio State University Senior Fellow, Center for American."

Similar presentations

Why the Financial Privacy Law is Better than People Think Professor Peter P. Swire Ohio State University University of Minnesota Symposium February 9,

Why the Financial Privacy Law is Better than People Think Professor Peter P. Swire Ohio State University University of Minnesota Symposium February 9,
Electronic Surveillance, Security, and Privacy Professor Peter P. Swire Ohio State University InSITes -- Carnegie Mellon February 7, 2002.

Electronic Surveillance, Security, and Privacy Professor Peter P. Swire Ohio State University InSITes -- Carnegie Mellon February 7, 2002.
The Sunset of the Patriot Act Professor Peter P. Swire Moritz College of Law Ohio State University Winter College February 19, 2005.

The Sunset of the Patriot Act Professor Peter P. Swire Moritz College of Law Ohio State University Winter College February 19, 2005.
Self-Help in Cyberspace: Offense, Defense, and Both at the Same Time Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP.

Self-Help in Cyberspace: Offense, Defense, and Both at the Same Time Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP.
Security and Privacy After September 11: The Healthcare Example Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP April.

"Security and Privacy After September 11: The Healthcare Example Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP April.
HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.

HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.
Gag Rules and Information Flows: Or, How to Do Secret Surveillance in an Open Society Peter P. Swire Ohio State University Modest Proposals Conference.

Gag Rules and Information Flows: Or, How to Do Secret Surveillance in an Open Society Peter P. Swire Ohio State University Modest Proposals Conference.
Embedding Privacy in Federal Information Systems Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP MITRE Corp. Workshop.

"Embedding Privacy in Federal Information Systems" Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP MITRE Corp. Workshop.
Security Through Obscurity: When It Works, When It Doesnt Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007.

Security Through Obscurity: When It Works, When It Doesnt Peter P. Swire The Ohio State University DIMACS, Rutgers January 18, 2007.
Privacy in America: Your Role as Guardians of the Publics Data Professor Peter P. Swire Moritz College of Law The Ohio State University Ohio Digital Government.

Privacy in America: Your Role as Guardians of the Publics Data Professor Peter P. Swire Moritz College of Law The Ohio State University Ohio Digital Government.
Privacy and the Use of Cost/Benefit Analysis Professor Peter Swire Ohio State University FTC Workshop on Information Flows June 18, 2003.

Privacy and the Use of Cost/Benefit Analysis Professor Peter Swire Ohio State University FTC Workshop on Information Flows June 18, 2003.
The Role of the Federal Government in Privacy Policy Professor Peter P. Swire The Ohio State University Center for American Progress The Privacy Symposium,

The Role of the Federal Government in Privacy Policy Professor Peter P. Swire The Ohio State University Center for American Progress The Privacy Symposium,
No Cop on the Beat: Underenforcement in E-Commerce and Cybercrime Peter P. Swire Ohio State University & Center for American Progress Fordham CLIP Information.

No Cop on the Beat: Underenforcement in E-Commerce and Cybercrime Peter P. Swire Ohio State University & Center for American Progress Fordham CLIP Information.
HIPAA and the War on Terrorism Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP HIPAA Summit West June 7, 2003.

HIPAA and the War on Terrorism Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP HIPAA Summit West June 7, 2003.
Privacy Today Privacy Day January 28, 2008 International Association of Privacy Professionals.

Privacy Today Privacy Day January 28, 2008 International Association of Privacy Professionals.
Privacy and Security: Lessons from Non-Health Sectors Professor Peter P. Swire Moritz College of Law The Ohio State University HIPAA Summit December 12,

Privacy and Security: Lessons from Non-Health Sectors Professor Peter P. Swire Moritz College of Law The Ohio State University HIPAA Summit December 12,
Online Profiling and Consumer Choice Peter P. Swire Center for American Progress Ohio State University ATL Hill Briefing April 28, 2008.

Online Profiling and Consumer Choice Peter P. Swire Center for American Progress Ohio State University ATL Hill Briefing April 28, 2008.
Mental Health Issues & Information Sharing Professor Peter P. Swire The Ohio State University NAAG Task Force on School Safety July 5, 2007.

Mental Health Issues & Information Sharing Professor Peter P. Swire The Ohio State University NAAG Task Force on School Safety July 5, 2007.
Lessons for Biometrics from SSNs & Identity Fraud Peter P. Swire Ohio State University National Academy of Sciences March 15, 2005.

Lessons for Biometrics from SSNs & Identity Fraud Peter P. Swire Ohio State University National Academy of Sciences March 15, 2005.
The Strategy of Using Security to Protect Privacy Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Data Protection Commissioner.

The Strategy of Using Security to Protect Privacy Peter P. Swire Ohio State University Consultant, Morrison & Foerster, LLP Data Protection Commissioner.

Similar presentations

Ads by Google