The US House of Representatives Homeland Security subcommittee has approved the creation of an Assistant Secretary of Cybersecurity. Having the US government keep a watchful eye on IT security issues can be a good thing, because you know politicians will get some funding for it, and you also know they will start squawking about it left and right. The funding will be used for some useless studies, but the squawking will hit the mainstream press, and then everyday folks hear about it. It is like free PR for the security conscious.
However, it always pays to read between the lines.
The article on this from Computerworld noted that the ITAA (Information Technology Association of America) was involved in lobbying for action. And paying association members are usually companies with deep pockets that can use their membership to push some cause that benefits them (which, at face value, I have nothing against).
In this case, however, the ITAA is pushing to limit liability for companies subject to data security breaches, if and when they adopt industry standards. So I just have to ask: what the hell does “industry standard” mean? If it is a set of best practices that are mandatory and independently auditable, that’s one thing. But if it is a minimum set of guidelines that are self-policed and subject to interpretation, that’s quite another.
Regardless, you can be fairly certain there will be plenty of loopholes available to corporations, so if they hand their data over to some crook, even over and over again like ChoicePoint and LexisNexis did, they won’t have to worry about the people they hurt (through their blooming stupidity) trying to come after them.