Fixing the Cyber Security Problem

Sep 01, 2009

( -- Our flawed approach to cyber security needs a dramatic overhaul -- and courts should lead the way to reform, argues Edward Imwinkelried, a professor of law at the University of California, Davis, and one of the nation's leading experts on scientific evidence.

In an article in the September-October issue of Judicature, a refereed journal published by the American Judicature Society, Imwinkelried and co-author Michael Cherry call on courts to recognize that obsolete computer systems are a major cause of security breaches.

"As the courts probe (the) causative issues, it will become increasingly clear that computer systems' failure to embed automated alerts is the root problem," they write.

The authors contend that firms must be required to institute the following safeguards to prevent potentially devastating cyber security breaches:

• The ability to automatically detect when sensitive information is being inappropriately retrieved -- as the breach is occurring.

• The ability to instantly protect sensitive information from exposure on detection of a breach.

• ATMs and credit card readers should be tamper proof as well as transmitter free, and they ought to scramble (encrypt) the information that they read.

Recent large-scale breaches of at major companies such as Hannaford Farms, Heartland and Countrywide were not discovered until days, weeks or months after they occurred, the authors note.

In past trials over cyber security breaches, Imwinkelried says that most arguments have focused on the extent to which companies employed external add-ons to safeguard the sensitive information of their clients and customers.

Instead, Imwinkelried urges courts and litigants to "move beyond the superficial question of add-ons."

"The problem of causation in computer security breach litigation runs far deeper than that," he says. "Systems that lack automated alerts are obsolete and need to be updated."

Imwinkelried stressed that the issue has broad significance beyond the courts. "Legislatures contemplating new statutory computer security mandates and companies hoping to upgrade their security should address this as well," he said.

Imwinkelried is the Edward Barrett Jr. Professor of Law at UC Davis and co-author of "Scientific Evidence," a leading treatise in the field that has been cited several times by the U.S. Supreme Court. Cherry is vice chair of the Digital Technology Committee of the National Association of Criminal Defense Lawyers and president of Cherry Biometrics, a Virginia-based consulting firm that advises corporate clients on of computer systems.

About UC Davis

Explore further: Countering social influence and persuasion of extremist groups

Related Stories

Fingerprint Matching Techniques Need Reform

Jan 22, 2007

Fingerprint matches -- key to fighting international terrorism and keeping criminals off the street -- are no longer foolproof, warns a law professor at the University of California, Davis.

Security loophole found in Windows operating system

Nov 12, 2007

A group of researchers headed by Dr. Benny Pinkas from the Department of Computer Science at the University of Haifa succeeded in finding a security vulnerability in Microsoft's "Windows 2000" operating system.

US IT Systems Highly Vulnerable To Attack

Sep 08, 2005

Our nation's information technology infrastructure, which includes air traffic control systems, power grids, financial systems, and military and intelligence cyber networks, is highly vulnerable to terrorist and criminal ...

Recommended for you

Having children later makes parents happy

6 hours ago

Children can be a source of delight, and then in the next moment leave their parents feeling completely exasperated. Thus, the answers to the question of whether having children leads to happiness have varied. ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.