President Barack Obama’s call for legislation to strengthen cybersecurity may be one of the few points in his State of the Union address that has some bipartisan support, according to the morning-after pundits and analysts. And it should because the threats are real and imminent.
The president urged Congress to pass legislation that will improve digital protection. Earlier this month he also announced revisions to previously proposed legislation that would give companies legal protections for sharing information with the government about cyber-threats. Steps such have support from the industry, and policymakers in Congress should act quickly to address the growing risks.
Any signals of bipartisan support are good news, given the immense threat that delay represents. As recent high-profile attacks have demonstrated, weak cybersecurity is an imminent threat to government, business and societal interests around the world. Almost half (46 percent) of those polled recently by global cybersecurity and IT association ISACA expect their organizations to face a cyber-attack this year, and almost all (83 percent) view cyber-attacks as one of the top three threats to business.
If the numbers aren’t convincing, consider the words in the 2015 World Economic Forum report, which calls threats to cybersecurity among the world’s most severe and imminent risks: “Once the genie is out of the bottle, the possibility exists of undesirable applications or effects that could not be anticipated at the time of invention. Some of these risks could be existential — that is, endangering the future of human life.”
Unfortunately, the genie is out of the bottle, and with or without action from Congress and the Obama administration, these vulnerabilities will only grow. The WEF’s dark warning stems from the realities of today’s hyper-connectivity — the so-called Internet of Things. Computer networks are at risk of increasingly complex and sophisticated attacks, and so too is any physical device with embedded intelligence, from power transmission lines, transportation and communications systems, or literally any type of infrastructure or industrial process.
Cyber-attacks are part of the new reality. They are an immediate and severe threat to governments, organizations and individuals — and even to the halls of Congress.
In his State of the Union speech, Obama sought support for the legislation, saying he wants to improve and streamline the ways businesses and government work together, to unify the reporting of cyber-attacks into a central repository. Some Republicans suggested support for this idea, which has backing from the information technology industry.
Collaborative discussion for increased cyber protection is an important step in the right direction. But the discussion must lead to action. Leaders must agree quickly on clear, straight-forward cybersecurity action that can help thwart these potentially devastating attacks. At the same time, the need to balance the privacy rights of individual citizens is critical, which means we need a thoughtful, collaborative approach.
In addition, the Obama administration, Congress and the industry should explore programs to build up the front-line defenders — the skilled IT workers — who can help detect and respond to cyber-attacks, and build in security from the beginning.
They are in alarmingly short supply. A stunning 86 percent of those polled by ISACA acknowledge a worldwide shortage of cybersecurity professionals. Our association is working to develop cybersecurity professionals and their organizations through the training, education and credentialing offered through ISACA’s Cybersecurity Nexus, but cybersecurity is a global risk that demands a fully collaborative response from government and industry.
“If we don’t act, we’ll leave our nation and our economy vulnerable,” Obama said. “If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe.”
We need to continue making it possible for technology to create opportunity — through thoughtful, collaborative efforts by Congress and the Obama administration and close coordination between government and industry.
Robert E. Stroud, CISM, CGEIT, is international president of ISACA. Want More Stories Like This? Subscribe to our Thought Leaders Newsletter.