Proposed bill aims to increase awareness of cyber attacks

first_imgSecurity in our connected world is an ever-increasing concern. High-profile hacks have been in the news frequently over the past couple of years, with major corporations like Google falling victim and America’s smart grid coming under attack. And while a small number of savvy Americans understand what’s going on, people are generally completely in the dark (pardon the pun) about the current state of cybersecurity.Transparency is needed, believe Senators Sheldon Whitehouse and Jon Kyl. Back in November of 2010, Whitehouse had called on the federal government to take a close look at how information dealing with cyber attacks is handled. “Americans are sadly uninformed about the extent of risk,” he stated, continuing “and the extent of the capacity that is being used against us.”AdChoices广告Historically, information regarding cyber attacks has been classified by the government and kept hush-hush by private corporations — due to fears of being publicly shamed. That attitude is simply not helping, say Whitehouse and Kyl, and may actually be exacerbating the situation. The proposed Cyber Security Public Awareness Act of 2011 would task various agencies — including Homeland Security, the SEC, and DoD — with reporting attacks on infrastructure, federal networks, and also businesses and consumers to Congress. Similar legislation with a global focus was introduced last year, the International Cybercrime Reporting and Cooperation Act.Whitehouse believes that if Americans had a better understanding of the risks that they’d do a better job of keeping their computers up to date. That, in turn, would lead to fewer vulnerable systems in the U.S. which could be breached in future attacks.While staying up to date is certainly important, Mr. Whitehouse surely knows that most high-profile hacks begin with a successful spear phishing campaign. My hope would be that increased disclosure and awareness would lead businesses and government agencies to better educate users about avoiding such craftily-engineered attacks. Anti-malware software and fully updated systems are a great starting point, but it’s just as critical — if not more so — that the person in the chair knows how to avoid falling victim to a phisher’s snare.Read more at Infosec Islandlast_img read more