A recent Pentagon report showing significant intrusions sponsored by the Chinese government is a key contributor to the renewed interest in this issue. A recent report by Mandiant definitively tracing attacks to the Chinese PLA's doorstep exposed some of the methods used in these attacks. Experts have also noted an increased pace of attacks that may be linked to other actors such as Iran.
One provision of the bill would restrict imports of technology that is identified as having been stolen as a result of these attacks.
While it is always important to bring out the results of cyberattacks, it may be more effective to focus attention on promoting good information security practices. Current regulations and security audits tend to focus more on paperwork than on the actual effectiveness of controls.
Good examples of best practices recommendations include the SANS 20 Critical Controls and the 31 guidelines recently released by US CERT.
No comments:
Post a Comment