Fixing the Cyber Security Problem

September 1, 2009

( -- Our flawed approach to cyber security needs a dramatic overhaul -- and courts should lead the way to reform, argues Edward Imwinkelried, a professor of law at the University of California, Davis, and one of the nation's leading experts on scientific evidence.

In an article in the September-October issue of Judicature, a refereed journal published by the American Judicature Society, Imwinkelried and co-author Michael Cherry call on courts to recognize that obsolete computer systems are a major cause of security breaches.

"As the courts probe (the) causative issues, it will become increasingly clear that computer systems' failure to embed automated alerts is the root problem," they write.

The authors contend that firms must be required to institute the following safeguards to prevent potentially devastating cyber security breaches:

• The ability to automatically detect when sensitive information is being inappropriately retrieved -- as the breach is occurring.

• The ability to instantly protect sensitive information from exposure on detection of a breach.

• ATMs and credit card readers should be tamper proof as well as transmitter free, and they ought to scramble (encrypt) the information that they read.

Recent large-scale breaches of at major companies such as Hannaford Farms, Heartland and Countrywide were not discovered until days, weeks or months after they occurred, the authors note.

In past trials over cyber security breaches, Imwinkelried says that most arguments have focused on the extent to which companies employed external add-ons to safeguard the sensitive information of their clients and customers.

Instead, Imwinkelried urges courts and litigants to "move beyond the superficial question of add-ons."

"The problem of causation in computer security breach litigation runs far deeper than that," he says. "Systems that lack automated alerts are obsolete and need to be updated."

Imwinkelried stressed that the issue has broad significance beyond the courts. "Legislatures contemplating new statutory computer security mandates and companies hoping to upgrade their security should address this as well," he said.

Imwinkelried is the Edward Barrett Jr. Professor of Law at UC Davis and co-author of "Scientific Evidence," a leading treatise in the field that has been cited several times by the U.S. Supreme Court. Cherry is vice chair of the Digital Technology Committee of the National Association of Criminal Defense Lawyers and president of Cherry Biometrics, a Virginia-based consulting firm that advises corporate clients on of computer systems.

About UC Davis

Explore further: US IT Systems Highly Vulnerable To Attack

Related Stories

US IT Systems Highly Vulnerable To Attack

September 8, 2005

Our nation's information technology infrastructure, which includes air traffic control systems, power grids, financial systems, and military and intelligence cyber networks, is highly vulnerable to terrorist and criminal ...

Fingerprint Matching Techniques Need Reform

January 22, 2007

Fingerprint matches -- key to fighting international terrorism and keeping criminals off the street -- are no longer foolproof, warns a law professor at the University of California, Davis.

Security loophole found in Windows operating system

November 12, 2007

A group of researchers headed by Dr. Benny Pinkas from the Department of Computer Science at the University of Haifa succeeded in finding a security vulnerability in Microsoft's "Windows 2000" operating system.

Recommended for you


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.