As we have previously outlined in detail, sustainability management provides a useful conceptual framework for crafting forward-looking cybersecurity policy. A sustainable approach to cybersecurity involves, among other things, acknowledging that cybersecurity is a shared responsibility, framing business choices that prioritize security as investments, and engaging broadly in risk management practices. The Internet of Things (IoT) ecosystem has reached (or, arguably, passed) an inflection point in its development, and a sustainability-based security baseline for consumer-facing IoT is past due.
In a late-May vehicle safety review, Consumer Reports noticed a problem with the new Tesla Model 3’s brake performance: It stopped more like a truck than a sedan. Within days Elon Musk’s company was able to identify the issue and resolve it through an over-the-air (OTA) update.
Back in 2011, the Federal Trade Commission alleged that Facebook deceived consumers by failing to keep its promises to protect user privacy. The two parties agreed to settle the charges through something called an “agreement containing consent order.” The Commission also signed a consent agreement with Google that same year. The FTC issued a final Decision and Consent Order regarding the Facebook allegations in 2012. (A consent order is an FTC enforcement tool that operates like a legal settlement.) Without admitting to the complaint’s counts, the parties involved signed a document that basically says, “we both agree to enter this agreement to resolve the allegations in the complaint, so now you have to do the following things, and if you fail to do any of them, the FTC is going to impose financial penalties.”
Last week the General Data Protection Regulation (GDPR) came into force. We previously shared the view that while the GDPR is not quite right for the United States, there are important aspects that should be incorporated into the ongoing discussion about privacy legislation. This post addresses other aspects of GDPR, which have created some uncertainty around ongoing efforts to improve cybersecurity and support public safety. Two such efforts are cybersecurity information sharing and access to WHOIS data.
Yesterday, the Department of Homeland Security and Department of Commerce jointly published a “Report to the President” entitled “Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats.”