Why the government's cybersecurity plan will end in catastrophe

By Rob Enderle, CIO

Create a central network where systems regularly and automatically share information in real time, though, and you also create a single point of access where such an attack can be perpetrated. You change an impossible problem into one that is just very difficult. Given both public and private practices of putting off spending on security until there is a credible threat or demonstrated damage, attacking this centralized system will likely get easier over time for an outside entity and may be too attractive for a properly placed disgruntled employee to pass up.

The government's recent history with security is a case in point. The death of the U.S. Ambassador to Libya showcased a situation in which the risks were real, and known, yet protections were reduced. After the attack, the political system focused on finding someone to blame, not on ensuring that the problem wouldn't recur.

In short, the very system Panetta is suggesting could be the key to causing the thing he is trying to avoid.

A Better Short-Term Cybersecurity Solution

I see several things the government could do instead.

  • Strengthen liability laws in order to fast-track the process for compensating companies that suffer damage caused by inadequate protection.
  • Ensure that compensation comes from the budgets of the government organizations whose systems were targeted, in a manner similar to the way insurance companies pay out settlements. This would force agencies to increase their security budgets and audit the results to ensure they aren't too exposed.
  • Provide a common, required reporting method to report an identified attack along with a requirement for minimal legal coverage.

All this could be done without connecting the systems or creating a central government body to access them. There would be little additional government cost and few, if any, privacy concerns for anyone not perpetrating or directly connected to an attack. In short, such a plan would promote a higher level of prevention through better-funded protection.

'Cyber 9/11' Will Only Be Followed By More, Worse Attacks

Panetta's plan suggests that an attack is unavoidable. The problem with a method that almost assumes an attack will happen, or requires a successful attack in order to be implemented, is that it usually does more harm than good.

Originally published on CIO.