Cyber Security

There is essentially no liability for cyber security failures, i.e.
"...the standard contract that comes with any software package disclaims liability and shifts responsibility to the end user; for the most part, courts have upheld those agreements..."
Paul Rosenzweig, 2017

Two potential types of liability need to be considered:

i) strict liability for any defect in a product (it is literally impossible to write bug-free code)

ii) negligence or a reasonable-care standard (this needs to focus on reasonableness and best efforts, not an expectation of perfection)

Some ways to handle this:

i) insurance coverage (unfortunately there is a lack of historical data on cyber risk, like frequency, causality, potential damages, records of cyber incidents, etc., to make informed decisions), i.e.
"...the more data you have, the better your predictive models..."
Paul Rosenzweig, 2017

ii) code of conduct, which needs to address the following questions:
"...Can you explain to policy makers and insurers how you design and develop your software products? Do you have adversarial testing on your products and for critical components of your supply chain? If not, why not? Are you open to third party research that finds flaws in your systems?......If you have a good faith report of a problem, how do you respond to it? What are the forensics of your systems? How do you provide tamper evidence, forensically sound logging and evidence capture to facilitate safety investigations? Are your systems capable of being securely updated in a prompt and agile way?......How are your cyber systems incorporated in the physical systems you are building? Is there......a physical and logical isolation that separates critical systems from non-critical systems..."
Paul Rosenzweig, 2017

