We’ve seen, over and over, that users and companies aren’t taking security seriously enough. However the U.S. government seems to be lagging behind too, when it comes to online security. With apparent increases in corporate and government cyber attacks, is there a solution to the cybersecurity problem?
Monzy Merza, a security expert writing for TechCrunch noted that corporate security and government security in the U.S. are pretty inextricably linked:
Governments are beginning to use cyber attacks to influence very specific events and gain calculated strategic advantages, e.g., giving one company leverage over another in a competitive bid. … This is uncharted and complex territory from a policy perspective. To make matters worse, corporations currently have few incentives to report and share breach information, meaning these attacks will continue to escalate.
While cooperation is important, each initiative undertaken by the government, like the CyberSecurity Information Sharing Act, is met with strong resistance. Companies are unwilling to share any of their data with the government, in light of scandals like PRISM. Likewise, companies also seem unwilling to share any data with each other, perhaps because of social stigmas or because it’s better to “eat the breach” rather than expose it, according to Merza.
One of the main sticking points between government and business is the use of stronger encryption tools. Businesses are finally moving towards strong end-to-end encryption, and many security agencies would prefer that back doors be left in the software. However, the editorial board of Bloomberg View noted that this approach could be unproductive and even harmful to overall security.
The issue that the government, business, and users, all face at the moment is a reluctance to tackle the online security problem. Users find it too hard to remember passwords, so they use weak login details. Businesses are reluctant to lose face, or trade secrets so they press on with weak systems. The U.S. government attempts have largely been futile, or too political to implement.
The problem with this obstinate behavior is that data is already being compromised and stolen from all sources on a regular basis. The only way forward is a solution that somehow benefits all parties, which is likely why we currently have no robust solutions to cyber attacks.