Showing 4 ideas for tag "legal"

8. Building Effective Security into Acquisitions

IT Hardware Country of Origin Limits

With the preponderance of IT devices and chipsets being manufactured in China, there is a distinct possibility that the PLA is hard-coding spyware and back-doors in the hardware built there. Acquisition laws need to specifically require that all components & sub-components used in sensitive IT / data communications systems be built / fabricated and assembled by U.S. companies in the US. Further, safeguards (inspections...

8 votes
Public Input

5. Sharing of Threat Intelligence

“Skin in the Game”

A multifaceted approach of building trust, having “skin in the game” (“AntiFragile” - Taleb), incentives and penalties for both industry and government. It has to be made in the best interest of both “parties” to share threat intelligence. This coupled with a multifaceted approach of incentives, disincentives, non-attribution, etc. Then you increase the probability that sharing will occur. The incentives for government...

2 votes
Public Input

5. Sharing of Threat Intelligence

Supported ITAPS recommendations

(Regular print are supported ITAPS recommendations in response to questions, flagged are expanded recommendations to more explicitly address questions, not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force)

How can agencies and industry implement and sustain threat data sharing and create a robust, timely and systemic sharing environment (more than just incidents) that can...

1 vote
Public Input