2014, the year of the cyber breach—think Target, Heartbleed,
Home Depot, JP Morgan Chase, and, yes, Sony—has unsurprisingly led the United
States to where it is today: with a president willing to move the conversation about
cybersecurity to the forefront of politics. Last week, President Obama used his
annual State of the Union address to set his agenda for 2015. “No foreign
nation, no hacker, should be able to shut down our networks, steal our trade
secrets, or invade the privacy of American families, especially our kids. We
are making sure our government integrates intelligence to combat cyber threats,
just as we have done to combat terrorism. And tonight, I urge this Congress to
finally pass the legislation we need to better meet the evolving threat of
cyber-attacks, combat identity theft, and protect our children's information,”
he said.
Obama’s comments come amidst tangible action in Washington. In the closing weeks
of 2014, Congress passed several pieces of cybersecurity legislation, including
the National Cybersecurity Protection Act of 2014, the Federal Information
Security Modernization Act of 2014, the Cybersecurity Enhancement Act of 2014,
and the Cybersecurity Workforce Assessment Act of 2014; this legislation will
strengthen the ability of the public and private sectors to work together in
preventing future cybersecurity breaches while also developing a more robust
cybersecurity workforce. Furthermore,
Obama has planned a White House Cybersecurity Summit at Stanford University on
February 13, which will provide an opportunity to develop further public-private
sector collaboration and to explore cybersecurity best practices and
technologies.
The legislation Obama referred to in his State of the Union
address remains to be acted upon by a partisan Congress. The goals, however,
are threefold: to encourage the private sector to share cyber threat
information with the government through the use of liability protection for
companies that adhere to consumer privacy protections; to strengthen the
government’s ability to combat cybercrime by prosecuting the sale of botnets
and criminalizing the sale of stolen financial information abroad; and to
create a national standard for how and when companies report security breaches
to the public.
Although cybersecurity experts are encouraged by
Washington’s newfound urgency surrounding online privacy and security, many
doubt politicians will be effective in creating a climate that will truly
protect the public. Increased sharing of
information with the government assumes the government is a safe and secure
place for information, which continues to beg blind trust and insecurity of
consumers. Congress is tasked with reauthorizing parts of the Patriot Act by June 1, 2015. Until the American public knows
the extent to which the National Security Agency (NSA) is authorized to conduct
surveillance, it should be hesitant to support the government’s proposed
information sharing. Additionally, cybersecurity professionals at companies
such as Nexus-Guard and Social-Engineer, Inc. find Obama’s
proposed legislation to be “scary as hell,” as it would turn the hacking done in the interest of protecting
companies against cyberattacks into a criminal offense.
Obama was wise to refer to cyber-attacks as an “evolving
threat” last Tuesday night. However, he
failed to recognize that partisan politics, slow-to-pass legislation, and
business as usual will simply not keep up with cybersecurity’s evolving threats
such that consumers will receive the security they deserve.
In an era in which the United States government is just
beginning to grasp the significance of cybersecurity and has yet to produce a
workable solution to protecting its citizens’ privacy and security, consumers everywhere
need to take their online safety into their own hands. This Data Privacy Day,
we urge you to take a look at the National Cyber Security Alliance’s provided resources
to keep individuals
and businesses
secure in an otherwise well-intentioned but uncertain 2015.
No comments:
Post a Comment