FBI: National data-breach law would help fight cybercrime
Information-sharing by businesses could help the agency link attacks
IDG News Service - A federal law that would require businesses to report data breaches to potential victims could help law enforcement agencies fight the growth of cybercrime, a FBI official said Wednesday.
If U.S. businesses were required to share information about their data breaches, law enforcement agencies could link those attacks to others and potentially stop similar attacks at other organizations, said Jeffrey Troy, chief of the FBI's Cyber Criminal Section.
A data-breach notification bill "would help us tremendously, particularly in terms of efficiency in conducting investigations," Troy said during a cybersecurity discussion in Washington.
Companies need to think beyond their walls when dealing with cybersecurity issues, Troy said. "They have to recognize that the Internet has become a global platform for commerce," he said. "The people that are stealing information from you ... are going after the money."
Attacks used against one company will likely be used against other organizations, Troy said. "We're really looking forward to getting all this data," he said.
Some members of Congress have pushed for several years to pass data breach notification bills, without success. Although about 45 states have passed their own data-breach notification bills, Congress has yet to pass a federal law.
Data-breach notification will be part of a comprehensive cybersecurity bill that the Senate Judiciary Committee will try to move to the Senate floor this year, said Lydia Griggsby, the committee's chief counsel for privacy and information policy. The Personal Data Privacy and Security Act, sponsored by Sen. Patrick Leahy (D-Vt.) would also limit how data brokers can use personal information and would establish data security rules for interstate businesses that collect personal data.
Leahy, chairman of the Judiciary Committee, will hold hearings on the bill later this year, Griggsby said.
A national data-breach notification law is a top legislative priority for cybersecurity products vendor Symantec, said David Thompson, the company's CIO. It's difficult for companies to comply with 45 different state laws, he said.
This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Reduce federal infrastructure risk with compliance management and situational awareness
- IBM continuous monitoring and management solutions deliver real-time situational awareness to help federal agencies understand vulnerabilities, and protect the infrastructure.
- The Critical Incident Response Maturity Journey
- As organizations rebalance their security defenses to combat today's sophisticated threats, they're recognizing that centralized incident response capabilities are key.
- Energy Efficient Servers
- Supermicro at Work. View Now>>
- Don't Trust Your Data Center to Generic Memory
- Discover How LRDIMMs Break Through Density and Speed Limitations
- Insist on High Quality, Server-Grade Memory
- Not All Memory is Created Equal - Make Sure Yours Passes Rigorous Margin and Stress Testing All Government IT White Papers
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their...
- DevOps with PureApplication System: Reduce cost and speed delivery with an integrated IBM Cloud solution Join this webcast to hear what ING Netherlands has been able to achieve while deploying DevOps tools from IBM Rational. An ING executive...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope...
- All Government IT Webcasts