Legal System Starts to Punish Firms for Lack of Security
Over the weekend, Tomalak's Realm pointed out a Crypto-Gram article that reported that two judges separately punished a U.S. Government agency and three corporations for lax Internet security. A federal judge ordered the U.S. Department of the Interior to disconnect some of its computers from the Internet because an Indian tribe proved records could be altered and funds diverted. In a separate case, a Texas state judge issued an injunction against three customers of Exodus Communications for permitting a denial-of-service (DoS) attack to take place.
Bruce Schneier, the author of the article, says, "I like this kind of stuff. It forces responsibility. It tells companies that if they can't make their networks secure, they have no business being on the Internet. It may be Draconian, but it gets the message across."