来源类型 | Research Reports
|
规范类型 | 报告
|
DOI | https://doi.org/10.7249/RR2008
|
来源ID | RR-2008-WFHF
|
| Exploring Cyber Security Policy Options in Australia |
| Igor Mikolic-Torreira; Don Snyder; Michelle Price; David A. Shlapak; Sina Beaghley; Megan Bishop; Sarah Harting; Jenny Oberholtzer; Stacie L. Pettyjohn; Cortney Weinbaum; et al.
|
发表日期 | 2017
|
出版年 | 2017
|
页码 | 14
|
语种 | 英语
|
结论 |
Government Solutions to Improve Cyber Security and Protect Consumers Must Consider Interconnected Factors - Participants saw a need for improved reporting processes that protect businesses from financial consequences while also protecting consumers whose data have been compromised.
- Participants questioned how the Australian government could hold device manufacturers accountable for cyber security breaches without stifling innovation. Many of the technologies sold in Australia are manufactured abroad, highlighting a need for international partnerships to strengthen cyber security.
- Participants questioned whether the standard required to assign attribution for cyber attacks in an Australian court of law should be the same as that used to assign attribution for state-sponsored attacks.
Security Is Not Designed into Products, Indicating a Role for Government to Develop Cyber Security Standards- Consumers are insufficiently informed about security, and manufacturers, importers, and retailers are not incentivised to build and sell secure devices. A security logo visible on product packaging could inform users' purchasing decisions, leading to financial incentives for sellers.
- Participants felt that users should be able to opt out of digital connectedness and data sharing, though many devices today do not offer these options. Further, this connectedness sometimes provides no obvious value to the user.
|
摘要 |
- Even if perfect attribution of a cyber attack is not possible, future exercises should determine what level of confidence is sufficient to pursue a case, and laws, regulations, investigations, and behavioural norms should be designed around that framework.
- Australia should enter into international agreements that create avenues for criminal investigations and prosecutions, but these agreements should not limit the Australian government's options to provide for its own defence, security, and law enforcement.
- Some values are worth protecting and defending, even if doing so comes at a significant cost. However, future exercises should explore how to draw such a line, and the Australian government should determine what options it is prepared to take if that line were crossed.
- Citizens are increasingly unable to opt out of digital connectivity. Future exercises should determine whether certain types of devices should be operable offline, as well as how standards should be written and whether users should be able to opt out of data sharing.
- Local governments should collaborate with industry partners to develop a quality assurance system for connected devices that can be used on packaging and that is understandable to consumers. This initiative should include a plan for responding to attacks on these products and should assign responsibility for such a response.
- Cyber security instruction should be integrated into school curricula, with these lessons enforced by education and awareness campaigns targeting adults.
|
主题 | Australia
; Cyber and Data Sciences
; Cybercrime
; Databases and Data Collection
; Analysis
; and Processing
; Information Privacy
; The Internet
|
URL | https://www.rand.org/pubs/research_reports/RR2008.html
|
来源智库 | RAND Corporation (United States)
|
引用统计 |
|
资源类型 | 智库出版物
|
条目标识符 | http://119.78.100.153/handle/2XGU8XDN/108538
|
推荐引用方式 GB/T 7714 |
Igor Mikolic-Torreira,Don Snyder,Michelle Price,et al. Exploring Cyber Security Policy Options in Australia. 2017.
|
文件名:
|
x1502134248780.jpg
|
格式:
|
JPEG
|
文件名:
|
RAND_RR2008.pdf
|
格式:
|
Adobe PDF
|
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。