State of the (Cyber) Union – Breaches Get (Too Little) Attention
January 21st, 2015
Millions of us gathered around computers and flat screens last night to listen to all or some of President Obama’s hour-long ‘State of the Union’ for the New Year. Everyone had their priorities to listen for – education, taxes, healthcare – but in my case, I sat listening for the one or two minutes where he might offer some further insights on cybercrime and how we might start to wage a tougher and smarter war against attacks on a different front. Cyber threats are moving faster than we are, as the news clearly shows – and we’ve got some serious catching up to do here.
First and foremost, the President’s recent, focused announcements, along with his SOTU speech last night, do bring much-needed attention to what has become an increasingly difficult business issue affecting national security and, potentially, financial stability – a fact that the President also alluded to before and during the address. (In fact, Mr. Obama pre-empted himself on this topic the week prior.)
With the avalanche of news flooding us – and from the bankers I speak to this includes the news that isn’t getting reported – the most critical piece of this dialogue is the renewed and continued attention on information-sharing. This is a critical area that could be vastly improved and supported both within businesses internally and externally around like-minded leaders looking to address breaches from both hackers and nation-state criminals.
I firmly believe that the key and the first step to addressing intelligence gathering with respect to all these cyber security issues is, in fact, information sharing, and I know my financial institution colleagues stand behind that belief. That means not only sharing information cross-channel within an organization, but also from organization to organization, and that includes the government agencies that can assist.
Information sharing sets the tone to move to the next stage: first sharing threats, then sharing research and development on the countermeasures, then finally the incorporation of a standards body to look at things like “how do we create a safer login” universally, at the source.
Financial institutions themselves are already exploring appropriate avenues to share critical information, and in ways that respect privacy laws. Banks are sharing information on the threats, not consumer data; let’s be clear on that. This model can extend to other industries that have fraud and cyber security issues.
Unfortunately, President Obama didn’t really offer a further peek into any solid plan of action last night – but there have been offline discussions in the media that the government will look to provide legal protections for those sharing information and addressing threats – while making it absolutely clear that “hacking back” and other efforts would not be tolerated. Let’s push on this – and see what comes next.
Regardless of the lack of additional content in last night’s speech, I do think the industry is starting to talk about these issues more openly. We talk about these and similar issues in our own Actimize Collaborative Intelligence Sharing Forum and I expect that the discussions will only grow more vigorous, unfortunately, as the problems continue to escalate at businesses around the world.
But a couple of bigger problems remain – who at the national level will lead the charge to information sharing and related practices? That remains to be seen. As our vulnerabilities are played out in the news nearly every day, we really need to speed things up so we are managing threats — and they are not managing us.
I think President Obama summed it up best, in his own words: “If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe.”