Congress is looking into consumer data security: But will it actually act?

[InfoSec News <alerts () infosecnews org>]

http://pando.com/2014/02/03/congress-is-looking-into-consumer-data-security-but-will-they-actually-act/

BY CALE GUTHRIE WEISSMAN
Pando Daily
FEBRUARY 3, 2014

Today in Washington, a congressional Banking, Housing, and Urban Affairs 
subcommittee met to discuss recent consumer financial data breaches, and 
the role retailers, bankers, and the government must play to prevent them 
from happening again. Leading the subcommittee was Congressman Mark Warner 
of Virginia, who detailed the necessity for swift action. He repeatedly 
called for unity among all players — including bankers, retailers, and 
credit cards — noting that all must be on the same page and not consider 
the others antagonists in order to successfully protect millions of 
consumers’ personal data.

The elephant in the room was undoubtedly the ongoing Target and Neiman 
Marcus security breach, which allowed hackers access to millions of 
customers personal financial information. Executives from these companies 
will be testifying to Congress in the coming weeks. The looming question 
on the tip of each senator’s tongue was, what can be done to prevent such 
a data fiasco from happening again?

Senator Mark Warner, the subcommittee’s chair, noted that last year cyber 
crime caused reportedly $300 billion in damage, and that that statistic 
has most definitely increased over the last year. He questions the tactics 
the Secret Service has taken when looking at and trying to block 
large-scale security breaches. “Why is that that the security service or 
even security bloggers are the first to know of these attacks,” pointing 
to private companies and news outlets who made the Target story public. He 
then queried, “why is it taking us so long to respond?”

The first panelists at the hearing — William Noonan, Deputy Special Agent 
in Charge of the US Secret Service, and Jessica Rich, the Director of the 
FTC’s Bureau of Consumer Protection — didn’t provide too much insight into 
either of these question. They did insist, of course, that their 
organizations are working to protect such crimes from happening again. 
Given the constantly evolving state of cybercrime Noonan noted that 
“malware can be molded and changed per attack.” And he ultimately agreed 
that the legislative action would help his organization a great deal.

Ms. Rich repeatedly harped on the fact that there is no federal standard 
for data security practices. “It would be extremely helpful to have a 
federal law around data security… with civil penalties,” she said. She 
continued repeating this as the hearing continued.

[...]

--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/