Cyber Insecurity

Public-private partnerships. Standards and best practices.

Those have been the mantras of the cybersecurity policy community for several years now. The dominant argument has been that mandates on the private sector are costly and ineffective, and the recent parade of news stories about cyber attacks on public and private entities has not shaken that belief.

Will that eventually change? Will there be one -- or a series -- of precipitating events that will spur policy-makers to alter course?

Consider the events of the past week. On Tuesday, a centrist think tank staged an elaborate cyber attack simulation and concluded that the U.S. was woefully unprepared. Today, a cybersecurity firm, NetWitness, announced that it had discovered a major botnet infestation that has been stealing data from governments and corporations for nearly a year.

"Advanced threats have festered their way into thousands of enterprises," NetWitness warned. "The widely deployed security technologies modern enterprises use to protect themselves such as firewalls, antivirus, and intrusion-detection technologies, even when well-managed, are ineffective in countering the current and ongoing threat to our information systems posed by a focused criminal adversary or nation-state."

Leaving aside NetWitness's sales pitch for its own product -- which it claims is far more effective at countering cyber attacks than the next leading brand -- the firm's report is further evidence that the private and public sectors are vulnerable.

The challenge, according to yet another white paper from yet another think tank, isn’t lack of awareness about cyber insecurity. "Corporate leaders understand the seriousness of the threat," says the report from the Cyber Secure Institute.

"The challenge with cybersecurity is that for all the attention it gets, there is no uprising among voters, customers, or investors," it says. "Political leaders and corporate leaders will only make the sorts of systemic cybersecurity changes that are needed if the public -- voters, investors, and customers -- demands change." -- TL