"Clearly, the market has not developed ... on its own the cybersecurity requirements," John Brennan says. "Of course, if it did, then we wouldn't have these intrusions and the billions of dollars of losses that companies are now writing off."
After a breach, some organizations meet the minimum requirements for notification and then hope for the best. The Utah Department of Health is taking a very different approach that's worthy of imitation.
International law enforcement agencies last week touted the takedown of 36 websites that were used to sell stolen debit and credit data for more than 2.5 million accounts. But how much of an impact will the takedown ultimately have on card fraud?
Partisan bickering surrounding a bill aimed at protecting the nation's critical IT infrastructure is the likely reason the measure will not come up for a vote in the lower chamber this week, as representatives debate four other cybersecurity bills.
Legislation being drafted by an influential Republican House chairman to reform the Federal Information Security Management Act could, if enacted, reverse Obama administration policy on how IT security is governed in the federal government.
Rep. Dan Lungren, the bill's chief sponsor, contends the regulatory approach taken by his bill would be less intrusive on the private sector than proposed Senate legislation and a plan by President Obama.
"We will provide critical infrastructure owners and operators the timely access to actionable cybersecurity information necessary to protect their own networks and facilities," says one of the bill's chief sponsors, Rep. Dan Lungren.