Thursday, May 06, 2021

Cybersecurity for Idiots

 

Honeywell fined US$13 million for sharing military specs with China



Bambauer, Derek E., Cybersecurity for Idiots (March 18, 2021). 106 Minnesota Law Review Headnotes __ (2021 Forthcoming), Arizona Legal Studies Discussion Paper No. 21-04, Available at SSRN: https://ssrn.com/abstract=3807529

“Cybersecurity remains a critical issue facing regulators, particularly with the advent of the Internet of Things. General-purpose security regulators such as the Federal Trade Commission continually struggle with limited resources and information in their oversight. This Essay contends that a new approach to cybersecurity modeled on the negligence per se doctrine in tort law will significantly improve cybersecurity and reduce regulatory burdens. It introduces a taxonomy of regulators based upon the scope of their oversight and the pace of technological change in industries within their purview. Then, the Essay describes negligence per se for cybersecurity, which establishes a floor for security precautions that draws upon extant security standards. By focusing on the worst offenders, this framework improves notice to regulated entities, reduces information asymmetries, and traverses objections from legal scholars about the cost and efficacy of cybersecurity mandates. The Essay concludes by offering an emerging case study for its approach: regulation of quasi-medical devices by the Food and Drug Administration. As consumer devices increasingly offer functionality for both medical and non-medical purposes, the FDA will partly transition to a general-purpose regulator of information technology, and the negligence per se model can help the agency balance security precautions with promoting innovation.”



Fortune - Data overload is real – “Do you suffer from data overload? This painful condition has skyrocketed as organizations have massively increased the amount of data they collect and then…well, that’s the question—what should you actually do with it? To talk this through, I reached out to Shari Littan, director of corporate reporting research and policy at the Institute of Management Accountants (IMA), an organization for accounting and finance professionals with 140,000 members. Littan, who was previously a practicing attorney in securities and corporate litigation, has thought a lot about data and financial reporting. The trick, she says, is helping members deal with the proliferation of tech-based solutions “not only get their job done but free them up to apply their expertise to help their organizations around higher-level considerations—risk, innovation, strategy, and leadership,” she says. As Littan quips, “What gets measured gets managed—unless I’m spending all of my talent resources measuring with none left for actually managing.” A “pain point” for many of IMA’s members is a lack of access to collaborative cloud-based technology, Littan tells me, a point she explored in a recent report which she coauthored titled Building Financial Reporting Resilience Through Collaborative Cloud-Based Solutions…”