The US presidential administration has compiled a list of legislative changes (PDF) that address the protection of critical computer systems. In particular, it proposes mandatory imprisonment, with a minimum term of three years, for hackers who damage “critical infrastructure”.
The administration also proposes to adopt a federal law specifying the protective measures that all operators of critical networks are required to take (installing anti-virus software, a firewall, etc.), followed by a mandatory audit of the system by an independent commercial auditor.
The Department of Homeland Security will coordinate all actions. It will be able to make changes to the law after it is adopted, and companies will be obliged to inform DHS within 60 days of all serious incidents of intrusion into their systems. This applies to companies that store data on more than 10 thousand users, when the data of at least 5,000 people has leaked. Public disclosure is not required and may be minimal. A complete list of DHS powers is contained in this document.
Who then falls under the definition of “critical infrastructure”, that is, to whom will the new rules apply? These are companies that manage systems important to national security, economic security, public health, and public security. Among others, they are producers and transporters of oil, gas, water, electricity, telecom operators, financial and banking systems, hospitals, transportation services, various government agencies, etc.
According to independent lawyers, the administration’s proposals are not effective, since they do not provide for any punishment for poor defense, not even a fine. Hackers, by contrast, will be punished.
The minimum three-year term will be added to the term imposed for violating other laws, as established by the court. Moreover, it is proposed to automatically extend to hackers the Racketeer Influenced and Corrupt Organizations Act (RICO), which applies to members of organized criminal groups.