Feds Need to Do More than Talk to Boost Cybersecurity
President Barack Obama put cybersecurity on the national stage Tuesday night in making the topic part of his State of the Union address.
"No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids," said Obama during his address. "So we're making sure our government integrates intelligence to combat cyberthreats, just as we have done to combat terrorism."
But talk doesn't do much, say security experts and industry watchers, and the federal government has a lot of work ahead if it hopes to stem the increasing cyberrisks and threats facing municipalities and agencies around the country.
"The first step in strengthening the U.S. cybersecurity initiative is to ensure that all businesses that store sensitive information have taken the necessary precautions in securing their networks," Kevin Watson, CEO of VendorSafe Technologies, tells Tech Times. "The most effective method would be to provide a framework that imposes an appropriate level of regulation on noncompliant companies."
Enterprises big and small are proving to be extremely vulnerable, and the hacks and data break-ins seen last year are expected to increase this year.
While Obama's intentions are certainly good, many aren't supporting some of his administration's initial solutions and strategies, such as enforcing a federal mandate that companies disclose hacks and data breaches within 30 days of discovering them.
"[The government should not] provide immunity through hastened communications of breaches...doing so could lead to confusion and fear to the consumer if the details and implications for the breach are not fully known," Steve Lowing, director of product development at Promisec, tells Tech Times.
"Clear and accurate communications is something that should happen, but this comes about through following an incident-response plan," Lowing advises. "So rather than putting a time limit of [within] 30 days of breach to communicate that a company has been hacked, the government could mandate that every institution should have an incident-response plan that is followed when they are hacked."
At least one industry expert thinks it may be time for the federal government to take a much more institutional cybermilitary approach.
"I think that this is inevitable, and in fact likely exists in various forms across nation-states around the world," Derek Manky, global security strategist at Fortinet, tells Tech Times. "The technical capability is there. Typically, when it comes to any cyberwarfare, we are talking about zero-day vulnerabilities and custom malware payload development."