• The Heritage Network
    • Resize:
    • A
    • A
    • A
  • Donate
  • Cybersecurity: We Are Losing, and It Is a Failure of Leadership

    The recently retired top cyber cop of the FBI, Shawn Henry, stated that “the status quo, it’s an unsustainable model. Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security.” The sky is not falling, but if the US persists in dragging its feet, ground will continue to be lost.

    There is much that can be done to better protect America in the cyber world. All of them trace back to failures of leadership. The blame lies very broadly at the feet of leaders everywhere and at multiple levels. This is not just a technology issue; it involves people, and so far people in all levels of leadership have neglected to act where they could have.

    Of particular concern is the growing vulnerability of industrial control systems, which run our factories and utilities. These networks are the point where the digital world meets the physical one. An enemy that penetrates our industrial control systems can do physical damage by manipulating the computer-controlled processes upon which we depend.

    If the U.S. wants to rectify the present situation and protect itself, it should begin with education and awareness at every level of school, in every business and government agency, and in every community in America. We do not have that today. It is not government’s responsibility alone, however. The government can assist, but cyber education should be a cooperative effort led by leaders everywhere.

    Cyber should be taught and trained in dynamic ways that meet the challenge of the dynamic and motivated foes we face. It cannot be relegated to an annual online course, which neither provides good training nor energizes people. The American people must know the threats and know what they can to protect themselves and contribute in fighting back. Their leaders, public and private, owe them that information and training.

    There are many different views on how we should improve our cybersecurity. Some say we should we mandate security improvements. If this can be done wisely, with cooperation from business, it is a way forward. The dynamic nature of cyber, however, makes our regulatory system a singularly poor vehicle for crafting a solution. Others have said that we should incentivize the private sector to better protect itself. This should be a component—but with full public recognition that business has a responsibility to begin acting in its own self-interest.

    Lastly, we should be motivating the tech industry to make seminal breakthrough discoveries in security. We invented the Internet and most cyber innovations; we should be able to defend them. Any effective solution should be comprehensive and should not constrain the wealth and convenience producing innovation that gave birth to the new world of cyber.

    The hackers of the world to whom Henry said we were “losing” are good—very good, in fact. But so is America. This is an area in which America is very vulnerable, and time is slipping by. It is a situation that must change in a way that does not cripple the very systems and methods through which we have grown great. Put simply, it requires old fashioned American leadership.

    Posted in Featured [slideshow_deploy]

    6 Responses to Cybersecurity: We Are Losing, and It Is a Failure of Leadership

    1. BIggbear says:

      Yes we are losing and based on what transpired yesturday it is quite apparent that this administration is now assisting those that would do us cyber harm and death!

    2. Bobbie says:

      does seem clear that the weakest of mankind amounting in unknown numbers, helped themselves to leadership roles working in contrast to good will, conducting themselves in opposition of the positive qualities of humanity. The weak will only get weaker and continue their ways as long as they aren't held accountable!

    3. Leadership to do what? Leadership to destroy our civil liberties even further? Let's get something straight. Secret government networks aren't connected to the Internet. And in fact, that is the only good solution to maintaining secrecy on computers – you can never connect them to the Internet. If you do so, you are just asking for information to be stolen.

      As far as I can tell there hasn't been a single major cyber attack again infrastructure that has done us harm. That may soon change as I imagine our criminal intelligence agencies will orchestrate an attack against us so they can grab more power to regulate the Internet.

      The question is why is this such a pressing issue for the U.S. government? Why are people like you hounding on this issue? Of course the reason has nothing to do with cyberattacks. It has to do with the truth. The truth is our government, our companies, our universities, and our new organizations are all criminal organizations of the worst kind imaginable. And there is lots of information out on the Internet which exposes that criminal behavior and God forbid the public actually looking at that information because then the people who work for those institutions would be prosecuted and sent to jail.

      So to prevent that you want to regulate the Internet. And you want to torture people like me into submission. You think this is going to work? It's not going to work. You morons are only digging yourselves a deeper hole. The future is clear. You are on the wrong side of history.

      Mark Murata

      P.S. If you want to do something positive (like help me out) you can reach me at http://www.facebook.com/TheBlithelyIdiot

    4. Bobbie says:

      Gosh Mr. Murata, you seem to be on the wrong side of common sense. ALL IT TAKES IS "A SINGLE MAJOR CYBER ATTACK!" but I agree to some extent about digging a deeper hole because anyone taught and trained that holds accountability with good intent is going to teach and train someone else with bad intent who's protected from being held accountable.

    5. Jerry Dixon says:

      We need better tracking of actual cyber-crime cases and numbers on successful prosecutions. It's time the Uniformed Crime Report gets updated to track this. Also the MLAT process needs to be updated or sped up to keep pace with which cyber-crime is committed. If you look at the DOJ's CCIP website there are under a couple hundred cases with disposition yet we have hundreds of agents focused on cyber-crime. All the more reason to track arrests and prosecutions to make informed policy decisions.

      Bottom line, we need to deter those would be cyber-criminals and today the current system doesn't provide enough deterrence to affect the cost / benefit analysis of the crook. It's too low risk with high benefit for a criminal. We need it to be a high risk / low benefit to deter them.

    Comments are subject to approval and moderation. We remind everyone that The Heritage Foundation promotes a civil society where ideas and debate flourish. Please be respectful of each other and the subjects of any criticism. While we may not always agree on policy, we should all agree that being appropriately informed is everyone's intention visiting this site. Profanity, lewdness, personal attacks, and other forms of incivility will not be tolerated. Please keep your thoughts brief and avoid ALL CAPS. While we respect your first amendment rights, we are obligated to our readers to maintain these standards. Thanks for joining the conversation.

    Big Government Is NOT the Answer

    Your tax dollars are being spent on programs that we really don't need.

    I Agree I Disagree ×

    Get Heritage In Your Inbox — FREE!

    Heritage Foundation e-mails keep you updated on the ongoing policy battles in Washington and around the country.