Page 30 - Cyber Warnings
P. 30
force businesses to strengthen their defenses. They require banking, energy, and major tech
companies to report attacks. And they talk about how EU nations must cooperate on network
security matters. Meanwhile, cybersecurity legislation was introduced or considered in at least
28 U.S. states last year. And 15 states enacted such laws in 2016, according to The National
Conference of State Legislatures.
Most of these laws and bills address national infrastructure and governmental agencies. But
some of these laws specifically target the interests of businesses. For example, one of the three
cybersecurity bills signed into law in California last year was S.B. 1137. It makes it a crime for a
person to knowingly introduce ransomware into any computer, computer system, or computer
network.
Colorado’s H.B. 1453 calls for the creation of a state cybersecurity council to provide policy
guidance to the governor. That council will also coordinate with the general assembly and the
judicial branch regarding cybersecurity. Utah H.B. 241, which the governor signed in March of
2016, enacts civil penalties for hackers. And Washington state’s H.B. 2375, which the governor
signed in April of 2016, establishes the State Cybercrime Act.
Looking ahead
Of course, the incoming presidential administration in the U.S. is not expected to be heavy
handed with regulations. However, the high-profile subject of cybersecurity could be the
exception. That said, organizations with a stake in cybersecurity and related regulations –
which is to say most organizations – need to be ready for what’s happening on that front.
Businesses that aren’t already involved in the cybersecurity discussion may want to start voicing
their opinions and offering a hand on these efforts now, before cybersecurity regulatory
decisions are cemented.
At the same time, businesses should keep in mind that regulations typically lag technology by
three to four years. That means businesses need to go beyond simply complying with
cybersecurity regulations. They need take additional steps to ensure their organizations are as
secure as their risk assessments suggest they need to be.
About Tom Gilheany
Tom Gilheany is Cisco’s Product Manager for Security Training and
Certifications. He has a diverse background in startups through
multinational Fortune 100 companies. Combining over 20 years of product
management and technical marketing positions, and over a dozen years in
IT and Operations, he has conducted nearly 50 product launches in
emerging technologies, cybersecurity, and telecommunications. Tom holds
a CISSP, an MBA, and is an active board member of the Silicon Valley
Product Management Association and Product Camp Silicon Valley.
30 Cyber Warnings E-Magazine – March 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
