• United States




The many seasons of our discontent

Jul 30, 20122 mins
Critical InfrastructureData and Information SecurityInternet Security

Bob Bragdon on cybersecurity legislation (or lack thereof)

I had high hopes that we might actually see a federal cybersecurity bill this year. Foolish me! (Of course, by the time this is published I may have been proven wrong—but I doubt it). Lieberman-Collins bill looked like it might go somewhere…but it didn’t. CISPA even passed the House before it ran into the stone wall of another house (white). Now there are grumblings in the Senate that may doom any other cybersecurity legislation that comes up this year. What a shame.

Then again, should we really be surprised that, in an election year, we can’t get something like this to move forward? I mean, how many years have we watched the Congress do nothing of substance to address what you, as loyal readers of CSO, and I already know: Cybersecurity is one of the greatest strategic threats to our nation, its businesses and its citizens in the last 50 years. (Department of Homeland Security Secretary Janet Napolitano recently expressed a similar sentiment.)

So, I offer this open letter to our representatives in Washington. It’s short but sweet:

Dear Leaders (sounds a little North Korean, but stick with me here):

We appreciate that you have been very busy this year, what with renaming all those courthouses and post offices around the country, but we would appreciate it even more if you could do something to stop all these pesky cyberattacks that are costing us billions to fight, fix and avoid. While you’re at it, we could really use some help protecting our nation’s critical infrastructure against cyberattacks and cybercrimes. Please don’t just tell us what to do. Give us the resources to do it before everything we invent here ends up manufactured by some Chinese startup two days later (how did they come up with a product exactly like ours so quickly?).Thanks for your help. See you in November!


Your frustrated CSO

I’ve always said that the best way to get someone’s attention when it comes to cyber-related risks is for something really bad to happen. For retail, that bad thing was the TJX breach; for gaming, it was the PlayStation breach.

Let’s hope someone in Congress takes the hint before we have to rely on the “something bad happened” incentive.