You don't often hear news of the Senate doing anything in a bipartisan manner, but on Valentine's Day, four senators ignored party lines and introduced cybersecurity legislation that would call for new regulations for protecting critical infrastructure. According to CNET:
The Cybersecurity Act of 2012 calls for the Department of Homeland Security (DHS) to assess risks and vulnerabilities of computer systems running at critical infrastructure sites such as power companies and electricity and water utilities and to work with the operators to develop security standards that they would be required to meet.
It would be up to the DHS to decide what companies and organizations fall into the spectrum of critical infrastructure, although the companies would have the opportunity to dispute that designation. The companies would then have to come up with best security practices and verify that they are being used. CNET also pointed out:
There also are provisions for information sharing between the government and the private sector that maintain civil liberties. And DHS would consolidate its cybersecurity programs into a National Center for Cybersecurity and Communications office.
Getting bipartisan support on any legislation is a near miracle in today's Washington, so getting a diverse group to join together shows that members of the Senate recognize that we need to be proactive in protecting critical infrastructure from an attack. Too often, cybersecurity is based on reactive measures, so any time steps are taken before disaster strikes, it is good news.
Of course, not everyone is going to be in total agreement. According to Bloomberg Businessweek, groups representing business interests are concerned about burdening these companies with more regulations and the corresponding costs. In the article, Peter Freeman, a vice president at the Washington-based Financial Services Roundtable representing Bank of America Corp. and JPMorgan Chase & Co., questioned why we need such legislation, saying that we shouldn't toss out structures that have been successful.
I understand the concerns of rising costs. The Bloomberg Businessweek article stated:
A Bloomberg Government study released Jan. 31 found that utilities, banks and other operators of critical networks would have to spend almost nine times more on computer defenses to achieve security capable of preventing 95 percent of attacks, an increase to $46.6 billion a year from about $5.3 billion.
On the other hand, what would the costs be if an attack were successful?