Fixing the Cyber Security Problem

Sep 01, 2009

(PhysOrg.com) -- Our flawed approach to cyber security needs a dramatic overhaul -- and courts should lead the way to reform, argues Edward Imwinkelried, a professor of law at the University of California, Davis, and one of the nation's leading experts on scientific evidence.

In an article in the September-October issue of Judicature, a refereed journal published by the American Judicature Society, Imwinkelried and co-author Michael Cherry call on courts to recognize that obsolete computer systems are a major cause of security breaches.

"As the courts probe (the) causative issues, it will become increasingly clear that computer systems' failure to embed automated alerts is the root problem," they write.

The authors contend that firms must be required to institute the following safeguards to prevent potentially devastating cyber security breaches:

• The ability to automatically detect when sensitive information is being inappropriately retrieved -- as the breach is occurring.

• The ability to instantly protect sensitive information from exposure on detection of a breach.

• ATMs and credit card readers should be tamper proof as well as transmitter free, and they ought to scramble (encrypt) the information that they read.

Recent large-scale breaches of at major companies such as Hannaford Farms, Heartland and Countrywide were not discovered until days, weeks or months after they occurred, the authors note.

In past trials over cyber security breaches, Imwinkelried says that most arguments have focused on the extent to which companies employed external add-ons to safeguard the sensitive information of their clients and customers.

Instead, Imwinkelried urges courts and litigants to "move beyond the superficial question of add-ons."

"The problem of causation in computer security breach litigation runs far deeper than that," he says. "Systems that lack automated alerts are obsolete and need to be updated."

Imwinkelried stressed that the issue has broad significance beyond the courts. "Legislatures contemplating new statutory computer security mandates and companies hoping to upgrade their security should address this as well," he said.

Imwinkelried is the Edward Barrett Jr. Professor of Law at UC Davis and co-author of "Scientific Evidence," a leading treatise in the field that has been cited several times by the U.S. Supreme Court. Cherry is vice chair of the Digital Technology Committee of the National Association of Criminal Defense Lawyers and president of Cherry Biometrics, a Virginia-based consulting firm that advises corporate clients on of computer systems.

About UC Davis

Explore further: New 'Surveyman' software promises to revolutionize survey design and accuracy

add to favorites email to friend print save as pdf

Related Stories

Fingerprint Matching Techniques Need Reform

Jan 22, 2007

Fingerprint matches -- key to fighting international terrorism and keeping criminals off the street -- are no longer foolproof, warns a law professor at the University of California, Davis.

Security loophole found in Windows operating system

Nov 12, 2007

A group of researchers headed by Dr. Benny Pinkas from the Department of Computer Science at the University of Haifa succeeded in finding a security vulnerability in Microsoft's "Windows 2000" operating system.

US IT Systems Highly Vulnerable To Attack

Sep 08, 2005

Our nation's information technology infrastructure, which includes air traffic control systems, power grids, financial systems, and military and intelligence cyber networks, is highly vulnerable to terrorist and criminal ...

Recommended for you

World population likely to peak by 2070

Oct 23, 2014

World population will likely peak at around 9.4 billion around 2070 and then decline to around 9 billion by 2100, according to new population projections from IIASA researchers, published in a new book, World Population and ...

Bullying in schools is still prevalent, national report says

Oct 23, 2014

Despite a dramatic increase in public awareness and anti-bullying legislation nationwide, the prevalence of bullying is still one of the most pressing issues facing our nation's youth, according to a report by researchers ...

Study examines effects of credentialing, personalization

Oct 23, 2014

Chris Gamrat, a doctoral student in learning, design and technology, recently had his study—completed alongside Heather Zimmerman, associate professor of education; Jaclyn Dudek, a doctoral student studying learning, design ...

User comments : 0