Privacy group urges rules distinguish between Cyber crime and Cyber terror
A privacy group urged the federal agency charged with drawing up a national framework for Cyber security protections to make distinctions between criminal activity and terrorist threats on the Internet.
In April 8 comments filed with the National Institute of Standards and Technology’s request for information on that agency’s development of a Cyber security platform under president Obama’s executive order, the Electronic Privacy and Information Center, said the distinction is critical to effective, proportionate response.
“The overwhelming majority of Cyber security incidents do not fall within the ‘national security’ designation. As Deputy Secretary Lute has noted, cyberspace should not be managed like a warzone,” said EPIC.
EPIC, which also pushed for solid privacy and civil rights protections based on DHS privacy policies and the president’s “Fair Information Practices (FIPs), said most Cyber security issues amount to civilian crimes committed in cyberspace and are best handled by state and local law enforcement and not as matters of national security. Misappropriation of intellectual property, cyber-espionage, and hacktivism, don’t pose national security threats and should not be treated as such, it said.
Instead, it said the Cyber security framework should focus on reducing risks to critical infrastructure, which it defined as “systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
According to EPIC, only when Cyber security incidents encompass those parameters are they properly classified as Cyber terrorism and fall under national security.
“Too often claims of national security tip the transparency-secrecy scale towards secrecy; thus the Cybersecurity Framework should clearly define what encompasses national security threats. Even those aspects of the Cybersecurity Framework that do fall under national security should be transparent whenever possible,” said EPIC.
|Event Details||Dates of Event|
|SANS Counter Hack 2013||Nov 7 - 14|
|SANS Pen Test Hackfest 2013||Nov 7 - 14|
|SANS Korea 2013||Nov 11 - 16|
|Military Exports & Compliance Asia||Nov 12 - 14|
|NCT: Counter IED Asia, 12 - 15 November 2013, Bangkok||Nov 12 - 15|
|School Safety Symposium||Nov 13 - 13|
|Southwest Microwave Perimeter Defense Seminar||Nov 13 - 13|
|OWASP AppSec USA 2013||Nov 18 - 21|
|GovSec West Conference & Expo 2013||Nov 19 - 20|
|Southwest Microwave Perimeter Defense Seminar||Nov 19 - 19|
|Oracle 7th Annual Federal Forum||Nov 20 - 20|
|World BORDERPOL Congress||Dec 3 - 4|
|Critical Infrastructure Protection and Resilience Europe||Feb 12 - 13|