If only the US would follow ...

  • I have some good news for you. The US Department of Homeland Security offers free IT (and other) security services to entities in the USA that fall under critical infrastructure. These services include things like security assessments, penetration testing & scans, incident preparedness, and information sharing. However, as far as I know, there are no federal punitive measures in place akin to what is outlined in the article. There are a lot of complications and restrictions limiting oversight because of state vs. federal jurisdictions. For example: it's not uncommon for a state agency to be forbidden by law from sharing certain types of information with federal agencies (such as IT details).

    I'm guessing the USA is not far away from its own GDPR like act, but only time will tell.

  • You should get your basic right...
    This is not UK doing the right thing, this is UK applying the EU law (EU 2016/1148).
    In 2016, EU Parliament has acted to achieve an high common level of network and information systems security across EU.
    All members state of the EU, including UK, MUST comply to that law before may 2018! hence UK is simply implementing what the EU has asked to do to all countries in the EU...
    EU not UK
    Correct your article it's EU not UK only!
    Thank you!

    http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.194.01.0001.01.ENG&toc=OJ:L:2016:194:TOC

  • Guaranteed this would open up an entire wealthy cottage industry of satisfying government bureaucrats micromanaging thousands of regulations. Probably with little actual security improvement (note the government's own lousy track record.)

    ...

    -- FORTRAN manual for Xerox Computers --

  • Daniel Auger - Sunday, March 18, 2018 10:15 PM

    I have some good news for you. The US Department of Homeland Security offers free IT (and other) security services to entities in the USA that fall under critical infrastructure. These services include things like security assessments, penetration testing & scans, incident preparedness, and information sharing. However, as far as I know, there are no federal punitive measures in place akin to what is outlined in the article. There are a lot of complications and restrictions limiting oversight because of state vs. federal jurisdictions. For example: it's not uncommon for a state agency to be forbidden by law from sharing certain types of information with federal agencies (such as IT details).

    I'm guessing the USA is not far away from its own GDPR like act, but only time will tell.

    Have you any links to the Dept. of Homeland Security's free IT security services?

    Kindest Regards, Rod Connect with me on LinkedIn.

  • Daniel Auger - Sunday, March 18, 2018 10:15 PM

    I have some good news for you. The US Department of Homeland Security offers free IT (and other) security services to entities in the USA that fall under critical infrastructure. These services include things like security assessments, penetration testing & scans, incident preparedness, and information sharing. However, as far as I know, there are no federal punitive measures in place akin to what is outlined in the article. There are a lot of complications and restrictions limiting oversight because of state vs. federal jurisdictions. For example: it's not uncommon for a state agency to be forbidden by law from sharing certain types of information with federal agencies (such as IT details).

    I'm guessing the USA is not far away from its own GDPR like act, but only time will tell.

    Let's hope so. Didn't know they offered services, but that's great.

  • CozzaroNero - Monday, March 19, 2018 6:08 AM

    You should get your basic right...
    This is not UK doing the right thing, this is UK applying the EU law (EU 2016/1148).
    In 2016, EU Parliament has acted to achieve an high common level of network and information systems security across EU.
    All members state of the EU, including UK, MUST comply to that law before may 2018! hence UK is simply implementing what the EU has asked to do to all countries in the EU...
    EU not UK
    Correct your article it's EU not UK only!
    Thank you!

    http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.194.01.0001.01.ENG&toc=OJ:L:2016:194:TOC

    The piece doesn't say UK only. However, the referenced article is the UK requiring this, which is what I with the US would do. The piece does mention this is because of EU Parliament guidance. The EU piece leaves it up to member states as to the penalties, which is really what I wanted to point out.

  • It would be interesting to find out where the 17 million actually goes and what it would be used for.  If it goes towards people that have had their identities stolen or have suffered other financial or reputation damage from a data breach, then I agree with the fines.  If not, then what?  And how many times can a company be made to suffer the fine?  It seems to me, like you said, it may be a proverbial drop in the bucket and simply suffer the fines than to do all that is necessary to make an "air tight" computational world for their given business especially with the notion that a customer can request "I want to disappear".

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.
    "Change is inevitable... change for the better is not".

    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)
    Intro to Tally Tables and Functions

  • I think the UK has bigger security issues they don't address other than cybersecurity.

  • Steve Jones - SSC Editor - Monday, March 19, 2018 9:32 AM

    CozzaroNero - Monday, March 19, 2018 6:08 AM

    You should get your basic right...
    This is not UK doing the right thing, this is UK applying the EU law (EU 2016/1148).
    In 2016, EU Parliament has acted to achieve an high common level of network and information systems security across EU.
    All members state of the EU, including UK, MUST comply to that law before may 2018! hence UK is simply implementing what the EU has asked to do to all countries in the EU...
    EU not UK
    Correct your article it's EU not UK only!
    Thank you!

    http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.194.01.0001.01.ENG&toc=OJ:L:2016:194:TOC

    The piece doesn't say UK only. However, the referenced article is the UK requiring this, which is what I with the US would do. The piece does mention this is because of EU Parliament guidance. The EU piece leaves it up to member states as to the penalties, which is really what I wanted to point out.

    Sorry, Verba volant, scripta manent, you got it wrong all the way thru and not able to recognise that is even more wrong.
    Your article is praising UK for something that is coming from EU Parliament which is why you are wrong. You mention the EU only for the GDPR, surprisingly right... lol

  • CozzaroNero - Monday, March 19, 2018 10:31 AM

    Steve Jones - SSC Editor - Monday, March 19, 2018 9:32 AM

    CozzaroNero - Monday, March 19, 2018 6:08 AM

    You should get your basic right...
    This is not UK doing the right thing, this is UK applying the EU law (EU 2016/1148).
    In 2016, EU Parliament has acted to achieve an high common level of network and information systems security across EU.
    All members state of the EU, including UK, MUST comply to that law before may 2018! hence UK is simply implementing what the EU has asked to do to all countries in the EU...
    EU not UK
    Correct your article it's EU not UK only!
    Thank you!

    http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.194.01.0001.01.ENG&toc=OJ:L:2016:194:TOC

    The piece doesn't say UK only. However, the referenced article is the UK requiring this, which is what I with the US would do. The piece does mention this is because of EU Parliament guidance. The EU piece leaves it up to member states as to the penalties, which is really what I wanted to point out.

    Sorry, Verba volant, scripta manent, you got it wrong all the way thru and not able to recognise that is even more wrong.
    Your article is praising UK for something that is coming from EU Parliament which is why you are wrong. You mention the EU only for the GDPR, surprisingly right... lol

    So write a counter point article and submit it.

  • Cyber security and digital privacy are rarely ever political campaign issues up for debate here in the US, at least not in the same way that immigration, the environment or international trade are. It's a topic that should be debated more substantively, instead of just in a stylistic way.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • This is a fascinating contemporary topic that I'm excited to see unfold. In the US I'm curious to see the final straw that breaks the camels back. Do we ever get to that point? I'm hesitant and skeptical about throwing regulations and money and problems. It would be nice to see some sort of legislation come out that defends privacy and makes a good faith effort to minimize security breaches. As with most things the implementation is where all the debate will be.

  • Rod at work - Monday, March 19, 2018 8:42 AM

    Daniel Auger - Sunday, March 18, 2018 10:15 PM

    I have some good news for you. The US Department of Homeland Security offers free IT (and other) security services to entities in the USA that fall under critical infrastructure. These services include things like security assessments, penetration testing & scans, incident preparedness, and information sharing. However, as far as I know, there are no federal punitive measures in place akin to what is outlined in the article. There are a lot of complications and restrictions limiting oversight because of state vs. federal jurisdictions. For example: it's not uncommon for a state agency to be forbidden by law from sharing certain types of information with federal agencies (such as IT details).

    I'm guessing the USA is not far away from its own GDPR like act, but only time will tell.

    Have you any links to the Dept. of Homeland Security's free IT security services?

    I couldn't find a detailed list, but the DHS site is full of high level info.
    https://www.dhs.gov/topic/cybersecurity
    https://www.dhs.gov/topic/protecting-critical-infrastructure

  • Thank you, Daniel.

    Kindest Regards, Rod Connect with me on LinkedIn.

Viewing 15 posts - 1 through 15 (of 18 total)

You must be logged in to reply to this topic. Login to reply