Cybersecurity - Washington is chasing the wrong solution to a growing problem

It’s no surprise that a new round of high-profile hacks has Washington scrambling once again to do something – anything – to look like it’s working to improve our nation’s cybersecurity.

Keeping America’s digital information and computer systems safe is poised to be one of the defining security challenges of the coming decades.

It is clear that private companies and federal agencies alike are falling short. When Chinese and Russian hackers penetrate major corporations and government files on a seemingly weekly basis, our country should already be on red alert.

But the solutions being discussed in Congress would do little, if anything, to stop these hacks, according to most independent security experts (see here and here). The so-called cybersecurity bill in the Senate would encourage private companies to share their customers’ information with the government, without giving individual Americans real assurances their private information will be protected. In fact, law-enforcement agencies could go after Americans for crimes that have nothing to do with cybersecurity based on information companies give to the government.

At the same time that the bill creates a new way to collect Americans’ information without a warrant, the bill also gives corporations blanket immunity for providing information to the federal government, and would prohibit that data from being used to police those corporations.  I do not agree that corporations’ privacy is more important than individuals’ privacy.  And I do not agree that the best way to improve cybersecurity is to make it harder for individuals to sue these corporations. 

This week the Wall Street Journal Editorial Board asked if I had any suggestions to protect against hacks of government-held information.

The way to address this threat, with regard to OPM and other government-held data, is to ensure that federal agencies receive the funding and expertise necessary to develop and implement robust security programs, and to ensure that these agencies have the technical and administrative controls that they need to combat a wide variety of cybersecurity threats.  

It is also important for the US to invest in the education of the next leaders in cybersecurity, and to recruit and retain a strong federal cybersecurity workforce by ensuring that cybersecurity professionals can find opportunities and career paths in government that are as rewarding as those in the private sector. 

Cyber threats are a real problem, but half-truths and misinformation won’t make us safer. My staff and I dug into the Journal’s editorial to bring some much-needed facts to the discussion. Check it out on Genius here[1] and below, or the PDF version here.

Ron's Response

Excerpts from The Chinese Have Your Numbers - WSJ:

Bradley Manning and Edward Snowden

Private companies like Target are pilloried, not least by politicians, for their data leaks. But the feds have $4 trillion to spend

advanced encryption systems

protecting American privacy from the potential abuse of National Security Agency collection of metadata—that is, phone logs but not the content of calls.

Which do you worry more about?

Do Senators Rand Paul and Ron Wyden have some suggestions for countering this privacy threat?

information-sharing between companies and the government. But that has nothing to do with the OPM breach.

The main obstacle to the bill in the past two years has been Mr. Obama’s insistence that it include new and costly government mandates on private companies.

U.S. intelligence services and the Pentagon will have to demonstrate the ability to punish Chinese institutions that continue to steal American secrets. That won’t end the threat, but it might give the governments that are underwriting these hackers some pause.

The U.S. is already in a cyber war. The problem is that the Obama Administration doesn’t want to admit it.

[1] Please note, this works best if you have both a Genius and Wall Street Journal account. If you don't, no worries. All the annotations are above and in a PDF here.