This week’s State of the Union Address was the fourth in a row in which President Obama highlighted the critical nature of cybersecurity. Until the most recent onslaught of headlines painted a painful picture of the consequences of a data breach, all too many of our organizations have been focused on passing compliance audits and dealing with a broad variety of threats to long-term business viability. Times have changed, and the headlines and the tough reality are all crystal clear: the bad guys are strong, dedicated, and working productively together, and they are in our networks today.
As President Obama said, lawmakers must “finally pass the legislation we need to better meet the evolving threat of cyber-attacks,” and, “If we don’t act, we’ll leave our nation and our economy vulnerable.” Recently proposed legislation would relieve some of the risk of participating in the information-sharing for which the federal government is asking. Defending our organizations is becoming increasingly complicated for legal and security teams, so it’s crucial for such legislation to increase the incentives or decrease the exposure that companies would experience in being more transparent and collaborative with government when data breaches occur.
Preparing for a Cyber Pearl Harbor
In his first term in office, the president created a cabinet-level cyber czar. Now the risk to our country is so severe that there is a need to go one step further. In addition to the land, sea, and air divisions of our U.S. armed forces, we should establish a military branch focused on cyber warfare to consolidate our approach.
Just as our military transformed itself from horseback riders in World War I to a mechanized and airborne fighting machine in World War II, so should it undergo further evolution to address the front on which our national defense is threatened in the modern age. The cyber war is erupting all around us and, unlike foreign wars that our military has fought in the past, this one threatens our domestic security and the foundation of our way of life. The cyber Pearl Harbor hasn’t happened yet, but it will, and we need to be ready with a robust cyber military branch of our armed forces.
Where Ayn Rand Meets Rosie the Riveter
In the same spirit in which American women flexed their industrial muscle and showed up to work the assembly lines of munitions factories in World War II, so do our corporations need to step up. We should first push for legislation that protects us from serious reputational damage when reporting on hacks, and then add steps to our internal security workflows that enable information-sharing between our own corporations and the government.
Such information-sharing combines good corporate citizenship and enlightened self-interest in a way that benefits our national security, our economy, and our shareholders. The most straightforward way for an organization to do this is to use the NIST Cybersecurity Framework as a baseline for information-security preparedness, then add proactive threat-hunting in all the areas inside and outside your firewalls where intellectual property, credit-card data, and other sensitive data is stored. EnCase security products can help your security team do that.
Crossing National Lines
Why stop here? Until the United Nations takes up this charge, we are well served to do it ourselves and collaborate with trusted partners in commerce and governments around the world. The bad guys cross borders. The good guys must do the same.
Mark E. Harrington is Senior Vice President, General Counsel and Corporate Secretary at Guidance Software and oversees worldwide legal responsibility for the company.