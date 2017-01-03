2017 security predictions

Government to be more engaged with security in 2017

CSO |


In September 2001, the US suffered its most egregious terror attack ever, in which 2,996 lives were lost. One of the indirect consequences of this disaster was that the Federal Information Security Management Act (FISMA) was enacted unanimously in 2002.

FISMA initiated broad protections for federal information systems security. It’s very clear that the level of security in both public and private sectors has vastly improved in the past 15 years. Unfortunately, the sophistication of hackers has also increased at least as much. More defensive steps will need to be taken by the federal government in 2017. Only the next 12 months will define exactly what those steps will be.

2016 was marked by increasing brazenness by hackers, affecting public infrastructure and social processes. The most significant events were the hacks of the DNC and the Clinton campaign. These demonstrated a new understanding of ways that hacking attacks can be leveraged, in this case to try to affect our democratic process. It will not be possible to ignore this type of attack, just as it was not possible to ignore the 9/11 attack.


Beyond these attacks, 2016 also saw other significant attacks against public infrastructure and processes. Most recent was the penetration of a Vermont power company in December. Burlington Electric has fewer than 20,000 customers; was this a practice run? Attacks on the utility grid have been discussed for years, but we don’t know what form these may take.

Another attack that concerns me is the attack on the Bangladesh central bank and the SWIFT interbank transfer system. Casting doubt on a financial backbone is another high-risk consequence, although these hackers were likely out only for the money.

Governments are going to need to step up their efforts in cybersecurity, although I would prefer that this task be carried out by private industry. New York State in 2016 was the first entity (Federal or state) to create a cybersecurity law for banking. (Massachusetts already has a security law for entities storing personally identifiable information from its residents.) But I see that in New York, industry has pushed back and delayed the implementation of this law. I will be watching to see what changes are put into this 14-page statute.

Bottom line: I don’t see industry being very proactive in implementing cyber security regulations for itself. Partly this is self-interest at work, and partly it is that there is no single-dimensional remedy. Solutions are multi-dimensional and only government can orchestrate those.

So what should government do? If the incoming administration were Democratic, I would expect that some of the recommendations from the Presidential Commission on Enhancing National Cybersecurity would be pursued. Those that were significant to me included: using ad agencies and other creative types to promote security awareness; mandatory training programs for managers, whether or not they are involved directly with security; and extending incentives to companies that have implemented cyber risk principles.

It is not clear what will happen under the incoming administration. President-elect Trump is the first President to have cyber security as a priority before taking office. On the other hand, his recent comment that “no computer is safe” could suggest a return to paper documents or an even bigger program to boost cybersecurity.

But I will go out on a limb and predict that cyberattacks will continue to threaten our way of life and that governments, in the next 12 months, will take specific actions to protect against these attacks. I’ll check back in next January to see if I am right. Otherwise, have a great 2017.


Frederick Scholl is a thought leader in information security. He has security practitioner experience and credentials as an educator. He consults on security governance, risk management and compliance issues and is an adjunct professor of electrical engineering and computer science at Vanderbilt University. For more information, visit the Monarch Information Networks website or follow him on Twitter (@fwscholl).
