Tomorrow I have the honor of speaking with CIOs in a meeting to discuss how business leaders will need to engage in cyber defense over the next 12 months. Thanks to sponsors HP, FireEye, McAfee, and Paragon Micro – a value-added reseller of security, networking, and data center products. As I prepare, there are a number of things happening out there that make this an interesting time to be attending such an event. Phyllis Schneck, a vice president and chief technology officer for the public sector at McAfee, was just named deputy undersecretary for cybersecurity, working along with DHS on how to tackle the rising concerns of cybercrime.
This is especially a concern in the private sector where innovation tends to be a primary focus and the target of those governments looking to cash in on American innovation. “Washington has struggled of late to determine how heavy a hand it will take in dealing with the private sector,” writes Danny Yadron of The Wall Street Journal. “One contentious issue is whether the government should set minimum standards that companies in key industries like banking and energy should meet in order to protect their networks from cyberattacks. Companies generally want to set up their own criteria.”
The more mid-market companies ignore these threats, the more government is going to insist on imposing new rules. From what I can tell, this won’t stop with banking and energy – but will likely expand over time into mid-market manufacturing, service providers, transportation, and more. The problem is, when government gets involved, the regulations are usually costly but not well thought out. We end up with rules that don’t actually make sense. For instance, it’s illegal to bathe a horse in your bathtub in North Carolina where I live. It’s also against the law to plow your field with an elephant. Why? Because the lawmakers reacted to something rather than thinking through to the best way to address the root issue.
Cybercrime is far more than a technical issue. Tomorrow afternoon I will be addressing some of the most important trends, along with mindsets and culture that must be developed inside an organization to better protect against this impending doom of bureaucracy driven by growing surreptitious cyber threats. Security must be addressed first, at the top, where the digital assets are created and assigned value. From there, IT and security groups will gain the support they need to get the job done.
© 2013, David Stelzl