Open Access. Powered by Scholars. Published by Universities.®

Law Commons

Articles 1 - 7 of 7

Full-Text Articles in Law

It's Time To Reform The U.S. Vulnerabilities Equities Process, Amy Gaudion Sep 2021

Faculty Scholarly Works

No abstract provided.


Recognizing The Role Of Inspectors General In The U.S. Government's Cybersecurity Restructuring Task, Amy Gaudion Jan 2021

Faculty Scholarly Works

Months prior to the 2015 public disclosure of a data breach at the U.S. government’s Office of Personnel and Management (OPM), the Office of the Inspector General for OPM issued a report that identified significant deficiencies and material weaknesses in a number of the agency’s information systems and IT security programs. In response to the 2020 SolarWinds supply chain hack, attributed to Russia, calls are underway for inspectors general to conduct audits and inspections and to review prior inspector general assessments of information systems and vulnerabilities at federal agencies. The use of inspectors general to assess information system vulnerabilities and …


Persuasion About/Without International Law: The Case Of Cybersecurity Norms, Steven R. Ratner Jan 2021

Book Chapters

International law on cybersecurity is characterized by at best a thin consensus on the existence of rules, their meaning, and the desirability and content of new rules. This legal landscape results in a unique pattern of argumentation and persuasion by states and non-state actors both in advocating for a regulatory scheme for cyber activity and in reacting to malicious cyber acts. By examining argumentation in the absence of a generally agreed legal framework, this chapter seeks to provide new insights into the motivations for and effects of international legal argumentation in shaping debates and behavior. After describing the legal landscape …


Cybersecurity Stovepiping, David Thaw Jan 2017

Articles

Most readers of this Article probably have encountered – and been frustrated by – password complexity requirements. Such requirements have become a mainstream part of contemporary culture: "the more complex your password is, the more secure you are, right?" So the cybersecurity experts tell us… and policymakers have accepted this "expertise" and even adopted such requirements into law and regulation.

This Article asks two questions. First, do complex passwords actually achieve the goals many experts claim? Does using the password "Tr0ub4dor&3" or the passphrase "correcthorsebatterystaple" actually protect your account? Second, if not, then why did such requirements become so widespread? …


Data Breach (Regulatory) Effects, David Thaw Jan 2015

Articles

No abstract provided.


The Efficacy Of Cybersecurity Regulation, David Thaw Jan 2014

Articles

Cybersecurity regulation presents an interesting quandary where, because private entities possess the best information about threats and defenses, legislatures do – and should – deliberately encode regulatory capture into the rulemaking process. This relatively uncommon approach to administrative law, which I describe as Management-Based Regulatory Delegation, involves the combination of two legislative approaches to engaging private entities' expertise. This Article explores the wisdom of those choices by comparing the efficacy of such private sector engaged regulation with that of a more traditional, directive mode of regulating cybersecurity adopted by the state legislatures. My analysis suggests that a blend of these …


Enlightened Regulatory Capture, David Thaw Jan 2014

Articles

Regulatory capture generally evokes negative images of private interests exerting excessive influence on government action to advance their own agendas at the expense of the public interest. There are some cases, however, where this conventional wisdom is exactly backwards. This Article explores the first verifiable case, taken from healthcare cybersecurity, where regulatory capture enabled regulators to harness private expertise to advance exclusively public goals. Comparing this example to other attempts at harnessing industry expertise reveals a set of characteristics under which regulatory capture can be used in the public interest. These include: 1) legislatively-mandated adoption of recommendations by an advisory …