The Federal Information Security Management Act of 2002: A Potemkin Village

Due to the daunting possibilities of cyberwarfare, and the ease with which cyberattacks may be conducted, the United Nations has warned that the next world war could be initiated through worldwide cyberattacks between countries. In response to the growing threat of cyberwarfare and the increasing importance of information security, Congress passed the Federal Information Security Management Act of 2002 (FISMA). FISMA recognizes the importance of information security to the national economic and security interests of the United States. However, this Note argues that FISMA has failed to significantly bolster information security, primarily because FISMA treats information security as a technological problem and not an economic problem. This Note analyzes existing proposals to incentivize heightened software quality assurance, and proposes a new solution designed to strengthen federal information security in light of the failings of FISMA and the trappings of Congress’s 2001 amendment to the Computer Fraud and Abuse Act

Cybersecurity of Autonomous Systems in the Transportation Sector: An Examination of Regulatory and Private Law Approaches with Recommendations for Needed Reforms

The past twenty-five years gave rise to increasing levels of automation within the transportation sector. From initial subsystems, like vessel satellite tracking and automobile chassis control, automation continues apace. The future promises fully autonomous devices such as unmanned aerial systems (“UAS”) and self-driving cars (“UAV”). These autonomous and automatic systems and devices (“AASD”) provide safety, efficiency, and productivity benefits. Yet AASD operate under continual threat of cyber-attack. ¶ Compromised AASD can produce dire consequences in the transportation sector. The possible consequences extend far beyond financial harms to severe bodily injury or even death. Given both the prevalence of cyber threats and their potentially deadly consequences, the public holds a legitimate interest in ensuring that incentives exist to address the cybersecurity of such systems. ¶ This paper examines both the private and public law mechanisms for influencing AASD cybersecurity behaviors in the transportation sector; and undertakes the first comprehensive comparison of existing agency regulatory schemes. The findings presented herein propose: (1) additional legislation to promote sharing of cyber event data; and (2) transportation sector regulatory best practices that require mandatory submission and review of cybersecurity plans by OEMs and service providers when compromise of their products or services threatens safety of life or critical infrastructure. None of the recommendations advanced herein require regulators to direct the adoption of any specific technical solution or specific cybersecurity standard. Thus, industry participants can remain nimble in the face of evolving cyber threats, while ensuring public safety through what proves to be needed regulatory oversight

On-line design firm - Designsharing.com: Non-profit collaborative design community web site

One of the most amazing inventions in the history of humankind is the internet. Nowadays, the internet environment is changing so fast that it is almost impossible to keep up with advancing technologies. It also is growing so quickly, that its use is spreading to involve almost all aspects of human life, from online banking to job searches to finding directions to researching material for children\u27s school projects. Without the internet, many people would feel totally impotent, unable to function for a single day. The burgeoning role of the internet, in turn, has resulted in almost unlimited growth in the possibilities of website design. Moreover, virtually anyone with access to the internet, minimal resources and perfunctory knowledge of how it works can design a website. The range of web \u27designers\u27 extends from the layperson creating a website to feature family photos to professional web designers creating multi-page electronic markets. The results of these designs are evident for everyone to see... with a simple click, one person almost immediately can view what someone else has designed, but not necessarily how. Nonetheless, by placing your work online, you are sharing your own amateur or professional design with an endless number of people you do not even know. Designsharing.com is a web resource to which experienced designers can go to share web design ideas and practices; and a place where inexperienced designers can go to get ideas for how to start. In this thesis, I will discuss the workings of Designsharing.com and how this site may become an important player in the worldwide web design theatre. By researching the site, anyone can extract concrete ideas about new design processes in the cyber design environment. This can reduce both the time required for and costs of designing a new site or modifying and upgrading an existing one. This new design process also has an educational function for inexperienced designers. Designers can share design concepts, including design trends, new ways to present information and design issues specific to a given country. A wide variety of designers can become registered members of Designsharing.com where they further may become involved in real design projects. Moreover, this system can serve as a real job market for those interested in futuristic cyber-space design. Designsharing.com enhances communication between inexperienced and professional designers, a process which is mutually beneficial. For example, under most circumstances, new designers have had relatively limited exposure to E-marketplaces, so that their ideas, though fresh, are vulnerable to inefficiency and ineffectiveness. On the contrary, as years go by, most professional designers become stereotyped. They may have tremendous experience in their field, but their ideas may have become stale and out-of-date. To prevent this, they need to maintain steady exposure to fresh ideas from the outside. As a result, this cyber design space has the potential to become a lively design community. Many less skilled designers create design projects without researching design trends or the newest advances. Designsharing.com will feature a section on new technology and design trends, called Design News. All members may share in this information and even respond to it or make suggestions of their own. Even guests will have access to some of this information. Design committee members are entrusted by Designsharing.com to decide on the validity of proposed projects via on-line conferences and voting with public members in each design process phase. This process is a good strategy for determining the quality and suitability of new design concepts. Clients also have an opportunity to let their finished ideas be reviewed by the Designsharing.com membership community. Their new sites can be displayed in a simulated cyber market, in advance of their launching into the real market. Although this design community site is a non-profit business, each design project brings with it our member\u27s valuable ideas, skills and resources. One crucial issue in web design has been the lack of protection for images, pictures and trademarked material, an issue that has soured some developers from entering into the Web or expanding their Web presence. Security and copyright issues become a most important factor in a new online design firm. Designsharing.com will research copyrights of tangible ideas with various experts in each country. If Designsharing.com can determine how to distribute profits fairly to all members, this unique design process will be a valuable challenge to influence the current design process. Thus, Designsharing.com is not only a design community, but also the first cyber design institute in the world. Because the web site design process is not only an issue for designers, everyone can be a member of this community site, without restrictions. This community is totally open to everyone, because purchasing is one of the design activities. You can join this design community freely and share your ideas with anyone

Attack-prevention and damage-control investments in cybersecurity

This paper examines investments in cybersecurity made by users and software providers with a focus on the latter's concerning attack prevention and damage control. I show that full liability, whereby the provider is liable for all damage, is inefficient, owing namely to underinvestment in attack prevention and overinvestment in damage control. On the other hand, the joint use of an optimal standard, which establishes a minimum compliance framework, and partial liability can restore efficiency. Implications for cybersecurity regulation and software versioning are discussed