[Dshield] Where should one start?

John Holmblad jholmblad at aol.com
Sat Mar 20 01:37:59 GMT 2004


Roger,

Lawyer jokes notwithstanding, I actually think that our capitalist 
system would benefit from more of the cyber equivalent of "ambulance 
chasing" lawyers in order to establish firm legal precedent for tort 
liability on the part of product suppliers (software and hardware) and 
service providers for damages caused by security breaches resulting 
from the use of their products and services. In the US at least, the 
HIPAA, GLBA, and to a lesser extent the Sarbanes-Oxley Act, are setting 
the die for such accountability and consequent product/service provider 
liability for damages resulting from security breaches. With the 
aforementioned legislation, in the near future, this accountability 
will be laid first at the corporate "door" of health care and financial 
services firms for breach of customer privacy as a consequence of 
inadequate security, and, eventually, at the door of all enterprises who 
damage their customers by failing to implement security best practices. 
A good analogy is probably the airline industry. I suspect that circa 
1920 your relatives would have had a hard time collecting damages from 
an airline if you perished in an airline accident. But 20-30 years later 
I suspect your survivors would have been in a stronger position to do 
so. I think the same situation accrues here. Microsoft itself is in "hot 
water" over the Passport security breach and even companies that are not 
direct providers of IT products and services are starting to feel the 
heat for breaches of privacy occurring "on their watch" (old news: 
http://www.ebglaw.com/article_605.htm.)

The INFOSEC product industry is getting concerned about the threat of 
even stronger government regulation and has formed its own interest 
group called the Cyber Security Industry Alliance (www.cisalliance.org) 
to influence the political as well as technical agenda surrounding 
cybersecurity. It is safe to say, I think, that in 50 years or so, 
because of its pervasive role in society and our capitalist economy, 
IT will become regulated in the same way that the accounting 
profession became regulated in the 20th century to the benefit of all, 
Drexel Burnham, Enron, Tyco, MCI, Ahold, Parmalat... 
notwithstanding.

-- 
Best Regards,

John Holmblad
Televerage International
GSEC,GWCIN,GGSC-0100

(H) 703 620 0672
(M) 703 407 2278
(F) 703 620 5388

primary email address: jholmblad at aol.com
backup email address: jholmblad at verizon.net
www page: www.vtext.com/users/jholmblad
text email address: jholmblad at vtext.com



