Proposed Laws, Surcharges Would ‘Punish’ Cyber Security Innovation

Information security executive and radio host George Rettas presided over a wide-ranging show in the Jan. 22 episode of “Task Force 7 Radio” on the VoiceAmerica Business Channel.

Rettas’ opening segment included a sharp admonishment against California lawmakers for proposing a bill that would create a surcharge against the recent tax cuts passed through Congress. The show also featured insight from former U.S. Secret Service agent Tom Pageler, who’s currently the chief risk officer and chief security officer for Neustar, Inc.

The episode, entitled “What is the Future of Bug Bounties?” found Rettas outlining a proposed bill in the California legislature that would reportedly force state businesses earning over $1 million to turn over half of their tax cut savings.

Rettas suggested that the recent tax cuts helped deflate what was once an exorbitant corporate tax rate. He said it has become “more reasonable and more aligned with first-world countries.” The cuts, Rettas said, would allow for cutting-edge innovation – in robotics, automation, disruptive technology, research and development (R&D), among others. The proposal, however, would “punish technology and cyber security more than any other job sector in the U.S.,” he said, seeing as Silicon Valley is home to many high-tech security companies and numerous startups.

“This kind of thing outrages me,” Rettas said, lambasting state lawmakers Kevin McCarty (D-Sacramento) and Phil Ting (D-San Francisco). The host added that tech companies are “going to get hammered by this business-killing surcharge.”

“Who are they to bring down this warped idea of social justice on the hard-working companies in Silicon Valley? These people have lost touch with reality,” Rettas exclaimed. “This bill is going to hurt cyber security in America… It’s self-defeating, it’s insanity.”

Rettas opined that if passed, he wouldn’t be surprised to see a mass exodus of companies out of the state.

See Related: Bug Bounties To Covert Ops: Diving Into One Of 2017’s Biggest Hacks

Rettas brought on guest speaker Tom Pageler, Neustar, Inc.’s CSO. With regard to the proposed California bill, the guest said that California has long “prided itself” on being liberal and giving back. However, he said it may not be a good move right now, due to tax write-offs and high cost of living in California. He suggested some companies may ultimately look to places like Pittsburgh, Pa., Austin, Texas or Seattle, Wash. as possible safe havens to avoid the legislation.

Pageler said that, if passed, perhaps people would be hesitant to start more companies in California. He called the proposal something that could “defer startups.”

Rettas questioned the CSO on whether lobbyists are present in the state to firmly oppose the measure. Pageler said that large, established companies certainly have lobbyists; but this is not something at the disposal of emerging companies.

Pageler said that because of the “low threshold” of the proposed surcharge law, innovation could certainly take a hit.

On organizational layout and responsibility to disclose breaches to regulators, a topic which has also surfaced frequently of late, Pageler said, “In any mature organization…you have really strong checks and balances. If something’s going on, the CSO will report to the lawyers what they’ve learned… Then usually legal will make the call on whether or not, according to laws and what’s been reported, this is reportable…”

See Related: Uber’s Cyber Hack One Piece Of Larger Ethics Breach: Report

Pageler said that problems arise in the actual laws that dictate breach procedures and exercises like bug bounties. The CSO said that today, most security teams should report incidents just to be safe. However, he called that procedure “kind of ridiculous,” because much of it can become “white noise.”

Outside of the ambiguity of multiple laws, Pageler also pointed at the moral conundrum that arises from bug bounties. He called these tools useful and an effective way to push technical users to the cyber security industry. However, using a well-known “Star Wars” term, he called for these hackers to avoid the “dark side.”

Pageler also outlined an ambitious concept for a governmental department to handle bug bounty-type situations – in which the agency could mediate and potentially convert users to security practitioners. He said it could also be a third party that validates the transactions.

The “Task Force 7” Radio recap is a weekly feature on the Cyber Security Hub.

To listen to this and past episodes of "Task Force 7" Radio, click here.