Cybersecurity research and vulnerability disclosures must be protected, and doing so will require cybersecurity stakeholders and IT technical support professionals to work together more effectively and efficiently.
That’s the position taken in a recent report published by the University of California at Berkeley. The report, titled “Cybersecurity Research: Addressing the Legal Barriers and Disincentives,” is the result of a workshop held in April 2015, and convened by the National Telecommunications and Information Administration, which assembled diverse groups of computer scientists and lawyers from industry, civil service, and academia.
Researchers from the University of California at Berkeley School of Information, as well as the UC Berkeley School of Law, the Berkeley Center for Law and Technology, and the International Computer Science Institute joined forces to publish the report, backed by a National Science Foundation grant. The report provides an overview of the challenges common to vulnerability research and disclosure – as well as specific recommendations for action and future research endeavors.
Hurdles identified by the report include laws relating to the at-times inevitable disclosure of intellectual property when reporting vulnerabilities, as well as legal confusion, strong-arming, and political pressure.
Two “immediate policy interventions” were adopted by the participants in the workshop. The first involved the issuing of a statement on the value of cybersecurity research and the negative impact posed by legal barriers. The second included participation in processes in which those barriers could be addressed, such as the triennial review of the Digital Millennium Copyright Act by the Copyright Office.
“The legal impediments to cybersecurity research arise from various sources, including the Computer Fraud and Abuse Act, section 1201 of the Digital Millennium Copyright Act, and the wiretap laws,” the statement says. “The impediments also arise from contracts and terms-of-service (the breach of which may expose one to criminal liability) that broadly prohibit modifications of devices or collections of data. As the urgency of the cybersecurity threat has grown, the inhibiting effect of these laws has also grown.”
The report also recommends additional study into the cost of research barriers; guidance on the application of existing laws; clarification that even researchers not backed by a famous university demonstrate good intent through good practices; best practices for reporting vulnerabilities; and educating policymakers and the public.
Just prior to the workshop that produced the report, a White House statement that the government had “reinvigorated” its vulnerability disclosure policies was questioned by the Electronic Frontier Foundation. Stakeholders and IT technical support professionals will have to work quickly to improve the cybersecurity research environment to head off increasing attacks and vulnerability, as referred to in the report – even as industry titans appear unable to agree on best practices for disclosure.
Here at Be Different Solutions, we are dedicated to helping you find IT technical support people who can help you put such safeguards in place. All of our talented, driven, professional people are located in one of our two Europe- or U.S.-based offices. They’re guaranteed to be highly proficient in conversational English.
Contact us today to see how we can help you find the right IT technical support help!