Information Security News
mailing list archives
Congress is looking into consumer data security: But will it actually act?
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 4 Feb 2014 06:35:35 +0000 (UTC)
BY CALE GUTHRIE WEISSMAN
FEBRUARY 3, 2014
Today in Washington, a congressional Banking, Housing, and Urban Affairs
subcommittee met to discuss recent consumer financial data breaches, and
the role retailers, bankers, and the government must play to prevent them
from happening again. Leading the subcommittee was Congressman Mark Warner
of Virginia, who detailed the necessity for swift action. He repeatedly
called for unity among all players — including bankers, retailers, and
credit cards — noting that all must be on the same page and not consider
the others antagonists in order to successfully protect millions of
consumers’ personal data.
The elephant in the room was undoubtedly the ongoing Target and Neiman
Marcus security breach, which allowed hackers access to millions of
customers personal financial information. Executives from these companies
will be testifying to Congress in the coming weeks. The looming question
on the tip of each senator’s tongue was, what can be done to prevent such
a data fiasco from happening again?
Senator Mark Warner, the subcommittee’s chair, noted that last year cyber
crime caused reportedly $300 billion in damage, and that that statistic
has most definitely increased over the last year. He questions the tactics
the Secret Service has taken when looking at and trying to block
large-scale security breaches. “Why is that that the security service or
even security bloggers are the first to know of these attacks,” pointing
to private companies and news outlets who made the Target story public. He
then queried, “why is it taking us so long to respond?”
The first panelists at the hearing — William Noonan, Deputy Special Agent
in Charge of the US Secret Service, and Jessica Rich, the Director of the
FTC’s Bureau of Consumer Protection — didn’t provide too much insight into
either of these question. They did insist, of course, that their
organizations are working to protect such crimes from happening again.
Given the constantly evolving state of cybercrime Noonan noted that
“malware can be molded and changed per attack.” And he ultimately agreed
that the legislative action would help his organization a great deal.
Ms. Rich repeatedly harped on the fact that there is no federal standard
for data security practices. “It would be extremely helpful to have a
federal law around data security… with civil penalties,” she said. She
continued repeating this as the hearing continued.
Subscribe to InfoSec News
- Congress is looking into consumer data security: But will it actually act? InfoSec News (Feb 04)