When it comes to cyber-security: Change you can’t take seriously
All you need to know about the President’s speech laying out his proposals for enhanced cyber security and consumer protections is that as he was delivering it the US Central Command’s twitter account was being taken over by Islamic State terrorists
Who says terrorists don’t have a sense of irony.
The truth is that even without the attack the president’s ’s cyber proposals are an impotent response to what is one of the nation’s biggest challenges: How to protect our electronic infrastructure. If we don’t start dealing with it soon we are putting our nation’s economic growth and privacy at risk.
At least rhetorically the President understands just how big the stakes are, In yesterday’s speech he pointed out that “In one survey, 9 out of 10 Americans say they feel like they’ve lost control of their personal information. In recent breaches, more than 100 million Americans have had their personal data compromised, like credit card information. When these cyber criminals start racking up charges on your card, it can destroy your credit rating. It can turn your life upside down. It may take you months to get your finances back in order. So this is a direct threat to the economic security of American families and we’ve got to stop it”
So what is the Government’s big solution? (1)A national standard mandating that companies would have to notify consumers of a breach within 30 days and (2)encouraging financial institutions to provide customers easier access to their credit scores. Neither of these are bad ideas but the President’s proposals are like eating leftovers when you were really looking forward to a brand new meal: Better than nothing but hard to get all that excited about.
Is this really the best the country of Bill Gates and Steve Jobs can do in the face of hackers determined to steal massive amounts of data from the American consumer as dictatorial quacks browbeat studios into not releasing movies they don’t like? Since when did we become the Can’t Do nation?
For one thing states already have breach notification requirements. They make sense but by definition they don’t deter breaches. In addition, your average consumer is likely to take little solace from the fact that they will know that their debit card has been compromised a mere one month after a breach has been discovered,
According to the President thanks to the cooperation of major financial institutions including some credit unions a majority of Americans will now have free access to their credit scores. The problem is that the Fair Credit Reporting Act already requires credit reporting agencies to give consumers a free copy of their credit reports once a year if they ask for one. True it’s a lot easier for a consumer if their financial institution tells them what their score is without being asked to do so but again all you are doing is closing the barn yard door after the horse has gone on the run.
Conspicuously absent from the President’s proposal is anything that would force businesses to do what banks and credit unions already have to do: Have policies in place to monitor identity theft threats and take steps to protect against vulnerabilities. Another proposal would be to give everyone some skin in the game by imposing a national law mandating reasonable care in the prevention of cyber theft. If you really want businesses to take cyber threats seriously release the trial lawyers and attorneys general. Time for the President to use the bully pulpit so that the American Government and public really realize how serious a challenge hacking poses.