Shannon Kellogg

If you read Ira Winkler's March 26, 2007 op-ed at Computerworld.com the resounding answer appears to be a 'yes'. Winkler seems to say that all Congress has to do is pass legislation that includes very specific requirements aimed at current threats in cyberspace (primarily Botnets); that Congress should make ISPs "knock bot PCs off their networks"; and that others should take certain steps. He also argues that Congress should "...Make end users liable if losses are incurred as a result of outdated security software."

This is a good question and, in my view, the answer right now is a "maybe". The conditions in support of a Federal law are in place: the deluge of breaches of sensitive information that we witnessed in 2006 nationwide hasn't slowed down in 2007; more states have passed breach notification laws, with over three dozen now in place; and key Committee Chairmen in the Democrat-controlled U.S. Congress have either introduced legislation or announced this issue as a top priority of their respective Committees. So, if there's all this momentum behind the possible passage of a national law, why just a "maybe"? The simple answer could be that one of the biggest barriers to passage of Federal data security and breach notification law is related to jurisdictional issues in Congress...

Greg Garcia, the Assistant Secretary for Cyber Security and Telecommunications at the U.S. Department of Homeland Security, was seen early and often at the RSA Conference last week. Given that the Conference is the largest industry-wide event on information security in the world, he had plenty of folks to listen to. And, listen, he did. From my perspective, it was especially gratifying to see our nation's first Assistant Secretary for Cyber Security and Telecommunications at DHS so visible and so engaged at the RSA Conference. This is a position for which many of us in the industry have advocated for quite some time and, after four months on the job, he is off to a solid start...

I joined RSA Security in September 2003 and, shortly after arriving at the company, I was introduced to our senior researchers at RSA Laboratories, who were working on research related to an emerging technology, Radio Frequency Identification - or RFID. The RSA Labs researchers told me that they were researching the privacy and security challenges - and the use of - this RFID, and were also working on technology concepts and approaches that could help enable the use of this technology. Some of that work has become fairly well known in the industry, including the invention of the RSA Blocker Tag, an RFID privacy device that was invented at RSA Labs in 2003 (RSA Security was issued a patent by the U.S. Patent Office in December 2005). As I learned more about RFID...

An article by Joris Evers on News.com earlier this month, indicated that the answer to this question might be a 'yes', per the security experts" that were quoted in the article. One of those experts, a doctoral student at the Royal Institute of Technology in Sweden, was quoted as saying that "users should worry about their jobs, not security..." Oh really? This same student went on to say at an industry security conference that he doesn't believe that "user education will solve problems with security because security will always be a secondary goal for users." Another conference participant -- this one reportedly a "U.K.-based security specialist at IBM" ...

There was an interesting op-ed in the October 14th edition of The Washington Post entitled "The Identity Theft Scare" by Fred Cate of Indiana University. Professor Cate argues that while identity theft is receiving lots of attention these days, "...The happy ending to the VA [U.S. Veterans Administration] saga should have come as no surprise. The fact is that few if any such breaches lead to identity theft or other consumer injuries." I sincerely hope Professor Cate is right because, in addition to the plethora of "data breaches" that have already been announced since the ChoicePoint debacle in early 2005, the House Government Reform Committee just last week released ...

Earlier this year, I was attending a financial industry event featuring numerous global banks and other large multi-national organizations, and at a certain point the conversation turned to industry and government concerns over a flu pandemic and what could be done to secure mobile workers. I was expecting a lot of hand wringing and uncertainty -- especially after the rather eye-opening briefing that we had received from a certain government official at the event -- but to the contrary, the financial guys in the room were cool and calm. The group discussed various steps that they were taking or looking at to ensure their workforces were mobile and able to cope in the event of a global pandemic outbreak. Several financial IT executives and industry regulators were espousing the virtues of telework...

Whether you live inside or outside the "Beltway" -- local parlance for whether you're a true D.C. insider -- I am sure that you will have heard it said at one time or another that what happens in Washington, D.C. does not always reflect the reality of what's happening outside of the nation's capital. 'Talking head' shows on TV or the radio assert how Beltway insiders are out of touch with "real Americans" or that "politics is the only thing that matters" in the city. Well, this year should be no different. As Congress recesses and heads home for the annual August vacation, which will be spent campaigning for this year's mid-term congressional elections, there will be many issues on the minds of Americans of various voting ages and political persuasions: the ongoing war on terrorism, the growing crisis in the Middle East, high energy prices, status of the economy, etc...