Cyber CrimeLake Havasu City, AZ – Supervisor Buster Johnson, 1st Vice President of the National Association of Counties (NACo) Cyber Security Task Force Team, is looking towards Congress to enact a stronger set of federal standards and guidelines for defending consumer data from cyber-attacks. “Seventy million Americans reported stolen data last year,” Supervisor Johnson stated. “With more and more individuals turning to smartphones and tablets for banking and shopping, it is important that more stringent laws are able to be put into place to protect consumer data,” Johnson continued.
According to the National Law Review, several pieces of legislation have been introduced in the last two years regarding consumer protection and data breaches, yet only one has made it to the House floor. The Protecting Cyber Networks Act passed the House of Representatives with 307-116 in favor this past month. It must now pass the Senate before it can be sent to the President for a signature. “Comprehensive legislature is needed in order for true cyber security protection in the United States,” Johnson stated. “This legislation would make it easier for private companies to share information about cyber security threats with each other and the government without fear of lawsuits,” Johnson continued.
Other legislation currently being discussed involves data breach notifications. Several cyber security laws being proposed include language that would require companies to notify those affected by a breach within 30 days of an attack. While most states, including Arizona, have laws already on the books regarding notification, this law would make it mandatory nationwide. “If a consumer from Arizona used their credit card at a store in another state without notification laws, those companies are currently not required to notify consumers within a specific time period of a security breach. This language would change that,” Johnson said. “Most of the time, the people who are hacked do not catch the problem themselves. They are informed by outside agencies,” Johnson continued. According to testimony given during a National Cyber Security Panel on Capitol Hill, the average number of days an attacker is inside a company’s computer system before the problem is detected is 416 days.
Some cybersecurity experts have even gone as far as suggesting framing cybersecurity as a public-health issue. A report done by the Wall Street Journal, shows many in favor of defensive hacking which would allow major companies to protect themselves by retaliating against cyber criminals. “Many cyberattacks, for example, use botnets, which work like infectious diseases. They infect computers without the owners’ knowledge and then use those “zombie” computers as part of a swarming plague against a target. The theory behind defensive hacking is to allow a victim to use a “zombie” computer as part of a counter attack to plague against a target,” Patrick Lin, an associate philosophy professor at California Polytechnic State University, stated.
According to Supervisor Johnson, the theory is not a bad idea. “As technology gets more advanced and more integrated into our lives, Congress is going to have to come up with mandatory sentencing laws for cybercrimes, but the major companies that are being attacked such as banks and utilities are being attacked by foreign entities. In these situations, defensive hacking may not be a bad idea,” Johnson explained. “A cyber-attack on America would be devastating. It could turn off our electric grid or steal valuable data from nearly every U.S. citizen.