Original poster: Mirror..

[Industry News] Obama pushes companies to share information-security data with the government

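On January 12, the Twitter and YouTube social-media accounts run by US Central Command (Centcom) were briefly taken over by the hacker “CyberCaliphate”. US Central Command oversees the US military's operations in the Middle East and South Asia. The intruders posted numerous messages in support of ISIS, after which service to the social-media accounts was suspended.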

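For the US government, the episode hardly counts as a serious security threat, but it was enough to put it in an embarrassing position. Together with the earlier attack on Sony Pictures Entertainment, it is also a reminder to the US government that the cyber-security problem is urgent. This week President Obama put forward proposals on cyber security.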

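One proposal is to introduce a federal data-security law. The law would require a company whose network has been hacked, where there is a risk that user data has leaked, to notify users within 30 days. The public hopes this federal bill will improve the situation in which state governments, each following its own laws, hand down inconsistent rulings in data-breach cases. Scott Vernick of the law firm Fox Rothschild jokingly calls this situation a “gathering of all the talents”.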

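Another proposal would push companies to share privacy data related to information security with the government. Promoting data sharing matters a great deal. Hackers often use the method of “data sharing” to attack their targets. So once hackers master the data-sharing techniques of government and companies and have superior counter-measures, the government's efforts will come to nothing.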

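Although many industries have set up bodies so that companies can alert each other to new threats, experts point out that companies still worry that data sharing will invite lawsuits from users and antitrust regulators. Congress once tried to give companies more legal protection, but the attempt failed because user data was not sufficiently protected. Given the National Security Agency scandal revealed earlier by Snowden, privacy advocates worry that data shared in the name of security intelligence will be leaked by the NSA.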

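President Obama said he wants companies to hand the relevant data to the Department of Homeland Security rather than the NSA. Chris Finan, a former White House cyber-security aide, reads this as showing that the president wants the data to be handled by the agency responsible for the security of America's critical infrastructure, not by a spy agency.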

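This stance may satisfy some of the public, but the government still needs to make the data-sharing process open and transparent. To respond to public concern and try to protect people's privacy, the proposal stresses that irrelevant personal data will be removed from security-intelligence information before it is shared and that use of the retained data will be strictly monitored; even so, the most careful plan can have a gap, and caution is needed.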

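Part of the aim of this new initiative and the not-yet-enacted federal data-security law may be to resolve the privacy-rule issues involved in trade friction with Europe. Current EU data-protection law prohibits companies from handing user data to the governments of countries that neglect privacy protection, and some EU officials have hinted that the US government has no intention of ending this practice. New legislation to be introduced later this year could well produce a data-sharing scheme applicable to the EU system and extend breach-notification rules to more industries. If Obama's proposals are passed by Congress, the United States and Europe will adopt similar strategies to deal with the hacker menace.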

English:

Jan 17th 2015 | SAN FRANCISCO | From the print edition of The Economist

ON JANUARY 12th hackers calling themselves the “CyberCaliphate” briefly took over the Twitter and YouTube accounts of US Central Command (Centcom), which oversees America’s military operations in the Middle East and south Asia. The intruders posted a series of messages in support of Islamic State before they were booted off the social-media feeds.

The episode was an embarrassment rather than a grave threat to America’s security. But it was yet another reminder, after the humiliating attack on Sony Pictures Entertainment, that hacking has become a huge headache (see chart). This week Barack Obama unveiled proposals to counter the threat.

Among them is a national data-breach law, requiring companies that have been hacked to reveal it within 30 days if personal data may have gone. Fans hope this will pre-empt the patchwork quilt of state laws governing breach reporting, which Scott Vernick of Fox Rothschild, a law firm, calls a “costly legislative soup” (see article).

Another proposal would make it easier for companies to share intelligence about digital threats with the government. Speeding up this flow matters. Hackers often use the same methods on many targets. So if knowledge of their techniques travels swiftly and counter-measures are developed fast, their efforts can be frustrated.

Many industries have set up bodies that help companies alert each other to new threats. But experts say firms are still wary of sharing, in case it leads to lawsuits from customers and antitrust watchdogs. A previous congressional attempt to give them greater legislative protection failed because it did not do enough to protect people’s data. Privacy activists worry that data shared as part of threat intelligence will be scooped up by the National Security Agency (NSA), whose appetite for information was highlighted by Edward Snowden’s blockbuster revelations.

Mr Obama wants companies to give their data to the Department of Homeland Security, not the NSA. Chris Finan, a former cyber-security aide in the White House, says this shows that the president wants information to flow into an agency whose job is to protect America’s critical infrastructure, rather than a spy agency.

That may reassure some folk, but there needs to be clarity about how this information is shared within government. The proposal sensibly tries to protect privacy by recommending that unneeded personal information is stripped out of threat intelligence before it is shared and demanding strict controls on the use of what remains. But the devil will be in the details.

This initiative and the mooted federal data-breach law may be partly aimed at heading off a dispute with Europe over privacy rules that could hamper trade. Current EU data-protection laws prohibit the transfer of personal data to countries with weak privacy regimes, and European officials are hinting that America’s is not up to snuff. New legislation later this year could well create an EU-wide system for threat-intelligence sharing and require breach notifications for a broad swathe of industries, too. If Mr Obama’s proposals survive the congressional sausage machine, America and Europe could end up with similar approaches to the hacking plague.

From the print edition: United States

Translator: April_aileen, via: ECO中文网

End.

Source: 36大数据



Keywords: information security, Obama, Intelligence, information, Legislation

I just want to be a diligent reposter

1st reply
laodong1983, posted on 2015-1-28 09:11:58
Thanks for sharing


2nd reply
Mirror.., posted on 2015-1-28 09:37:51
laodong1983, posted on 2015-1-28 09:11
Thanks for sharing
Thanks for the support


3rd reply
yuye001, posted on 2015-1-28 09:42:02
The tangle between spear and shield.
