Dan Geer, In-Q-Tel's chief information security officer, has proposed a set of policies that he believes industry and the government could adopt in order to respond to cyber attacks, Defense One reported Thursday.
Patrick Tucker writes that Geer shared his recommendations for governing the software industry during the Black Hat cybersecurity conference Wednesday.
Geer recommended that the government mandate companies to report major cyber intrusions regardless of privacy concerns, and noted that third parties discover between 70 and 80 percent of data breaches across 46 states, according to the report.
He also proposed regulations that would make companies liable for vulnerable software and allow targeted organizations to retaliate against their attackers under certain regulatory conditions, Defense One reports.
Geer also said software systems must have remote managed fallback and offline backup systems in place prior to deployment to mitigate the impact of cyber attacks, the report says.
He pushed for what he called a “vulnerability finding” program in which the government would pay hackers to find software vulnerabilities and make them public, Tucker reports.
Tucker writes that Geer called for a total abandonment of unsupported software and the passage of a “right to be forgotten” cyber law in the U.S.