Intel’s Amit Elazari Bar On discussed IoT security, ethical hackers, bug bounties and more.
Combine an academician, a practitioner, a technician and a lawyer, and you have Dr. Amit Elazari Bar On, director of global cyber security policy at Intel and teacher at UC Berkeley’s School of Information, who focuses on cyber law, privacy and intellectual property.
Before Intel, Elazari Bar On promoted Israeli patented photovoltaic technologies and served in an Israeli military elite intelligence unit.
In short, she knows her cyber security and is not afraid to share.
In collaboration with the UCLA Burkle Center for International Relations, Elazari recently held a live podcast to discuss her research on cyber security, patents, copyright, privacy and private orders, and the evolving cyber security issues that are tormenting businesses.
The emphasis was on how security is one of the fastest-evolving and most impactful areas of regulation, and on the proposed initiatives in data protection, Internet of Things (IoT), Coordinated Vulnerability Disclosure (CVD) and more.
Here are some highlights from Elazari's discussion:
The ethical hacker and bug bounties
Elazari discussed the emergence of the ethical hacker, someone who looks for vulnerabilities in systems and reports them to the company so that it can mitigate them and provide a patch.
She referred to drone manufacturer DJI's bug bounty program and explained: “This is actually a concept that is not only developing in Silicon Valley, but in the entire technology sector.
“This is the idea that companies can actually collaborate with external hackers, ethical hackers, friendly hackers and security researchers,” who are not employed by the organization, “but test the devices there for potential security issues or for potential issues that may cause users to leak information, or whatever.”
The companies “actually offer cash rewards, yes, as in the wild, wild west,” Elazari continued.
The security community, she said, loves the concept of bug bounties, and it is becoming increasingly popular in Europe, with the Swedish and Dutch communities.
Hacking, however, is not clean and it also does not work according to a plan, she said. “It’s really about collaboration and enhancing collaboration, and this is becoming more important as we think about all the regulatory initiatives and concepts we have in the area of IoT security, an area that is absolutely crucial,” she said.
In the case of the DJI system, an ethical hacker discovered a vulnerability, she said. He reported it, but due to miscommunication and disagreements, “a legal threat letter was exchanged, citing a piece of legislation you may have heard about, computer crime and fraud, the Computer Crime Fraud and Abuse Act,” she said.
The Computer Crime Fraud and Abuse Act (CFAA), said Elazari, is one of the most important anti-hack laws in the United States.
“In fact, it’s about the legality of activities such as hacking into unauthorized access to computers and dealing with issues of criminal and civil liability regarding hacking,” Elazari explained. “And those are issues that we still have some legal ambiguity around, academically, here in the United States. It touches on important issues such as the legality of scraping information from the internet, and the relationship between employees and companies, and how employees potentially violate the company due to (policy of) computer use.”
Because of how interconnected everyone seems to be, “what we see with connectivity, (are) definitely proposed regulations of security and privacy policies,” Elazari said. She brought up the California Consumer Privacy Act (CCPA), the California privacy law that takes effect for consumers in California from January 2020.
“This is just an example of the kind of problems we see and the regulatory landscape, the issue of equipping users with rights, about their data,” she said.
Her focus is less on cyber security issues involving breaches of confidentiality and more on misuse in the way information is processed.
Management of personal data
“In the past, conversations (focused on the) type of damage (that) occurred, data damage,” she said. “Today we see regulators talk a lot about data rights,” basically regulatory concepts, “individuals have the right to delete data in their data and the right to transfer their information. All of these concepts are extensions that we see in the regulatory landscape, and we need to think about things like harmonization, while addressing those issues.”
“Regulators,” she continued, “are very technically and technically educated. So the Federal Trade Commission, the most important consumer protection organization here in the United States, has done a lot of security work. And what’s interesting is that if you look at some of the settlements they have brought against companies, they have very detailed settlements. They have technical experts, they have a whole department of engineers working with the lawyers, and they are going into the weeds.”
Passwords are still a security issue, but in the future Elazari commented: “You will no longer have passwords, and these are the kind of innovations we are working on.”
Technologies are international and continue to cross borders. “That’s why we have international standards for this,” she said. “That is why we need harmonization. The UK court suggested that vulnerability release policies are one of the issues they want to see in IoT security. So this is a global problem. We need to harmonize and we need to think about the global nature of technology.”