I read today that President Obama has created a cybersecurity panel that, according to Engadget, is tasked to:
Raise the level of cybersecurity in both the public and private sectors, deter, disrupt, and interfere with malicious cyber activity aimed at the U.S. or its allies and respond effectively to and recover from cyber incidents.
I applaud the effort, but I also wonder what the heck took so long? How many cyberattacks against government agencies did we see before any action was taken?
That this panel wasn’t formed until now, despite the increase and variety of cyberattacks against both government and enterprise over the past decade, points to an issue that I’ve been wondering about for some time now: Why isn’t cybersecurity a serious issue during this political season? The corollary to that question is this: When cybersecurity is addressed within government arenas, why is the focus so limited?
Earlier this month, I sent out an email to all five presidential candidates asking them why they aren’t talking about cybersecurity. I wish I would have had the results of the Thycotic cyber terrorism survey when I sent that email, the one where the vast majority of security professionals admit they believe a catastrophic cyber incident will happen within two years. Perhaps if I had that information in hand, I would have gotten a response from at least one campaign. I asked the folks at Thycotic why they thought the candidates were avoiding the subject, and their email response was pretty much in line with what I’d been thinking:
Although cyber security is a legitimate issue, candidates must not believe that it’s an issue that will help them win an election. The candidates all agree that cyber security is an important issue that needs to be addressed more diligently. However, the campaigns apparently don't seem to think the topic is interesting enough at this time to the public to secure what they are looking for most, votes. Unfortunately, it might take a real problem to get people to act and for the campaigns to make cyber security a priority.
It might take a real problem to make it a priority. Or it might take a stunt for the government to take notice. According to the Insurance Journal, John Carlin, U.S. assistant attorney general for national security, told an auto industry organization:
There is no Internet-connected system where you can build a wall that’s high enough or deep enough to keep a dedicated nation-state adversary or a sophisticated criminal group out of the system.
True enough, but in this case, Carlin was talking more specifically about the cybersecurity of vehicles and the need for a better response to security vulnerabilities found in cars after it was shown that the computer systems could be controlled by hackers.
I agree with the premise in an article in The Intercept that accused the government of having a double standard about cybersecurity. What about better security for smartphones, the article asks. As one agency wants better for security for vehicles, the article stated:
FBI Director James Comey continues to pressure phone manufacturers and technology companies to roll back their security to allow for law enforcement access.
Security is a really tough issue. I get that. However, we need a deeper conversation on the topic in this country. A cybersecurity panel is a start, but it hardly makes it the national conversation cybersecurity needs to be.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba