The private sector still hasn't overcome its fear of reporting computer security incidents, citing a backlash from customers, shareholders and even lawyers who might respond to a publicized security problem by withholding trade, selling stock or bringing suit. But many of these fears are based on misunderstandings. For example, law enforcement agencies don't make cases public until there's an arrest.
It's customers and hackers who make incidents public. Some fear any information shared with the government would be accessible through a Freedom of Information Act request. In reality, an existing exemption already protects records compiled for law enforcement purposes. Another concern is that crime fighters will take away computers during an investigation. Forensics does take time, but officials seize the perpetrator's equipment, not the victim's.