I finally had a chance to read through Homeland Security Today’s publication of The Leading Edge Today. The January edition was focused on cyber security. The Producer’s Corner article (i.e. letter from the editor), cites a study and report compiled by Verizon and other entities from around the globe, including the US Secret Service. This report, called the 2012 Verizon Data Breach Investigations Report, is staggering. They cite 855 confirmed cases of enterprise data loss and say that most entities that are hacked aren’t aware of it for weeks or months – and are usually notified by someone else of the incident (i.e. law enforcement or an enterprise internet security firm). The remainder of the publication offers some good information and insight on trends and prevention activities in the realm of cyber security.
Obviously The Leading Edge Today was published prior to the President’s signing of the cyber security executive order just a couple of days ago. All reports so far indicate that the executive order really has no teeth. It’s not law and only provides recommendations, although it does call for the establishment of a Cyber Security Framework (perhaps to parallel the National Response Framework?) and calls for the NIST to establish the standards of this framework. DHS is charged with sector-specific outreach to engage the private sector. It’s not the full package of what our nation needs, but it’s a start. It’s apparently a political throwing-down of the glove to challenge Congress to promulgate and pass a cyber security bill.
I’ve not had the chance to do any research on it, but what are other nations doing? I imagine that there must be countries out there who have not dragged their feet as much as we have on this matter; and hopefully they have been able to implement not only strategic plans that outline progress, but have also implemented tighter defenses. This may also be an opportunity for a global defense against cyber crimes – particularly in consideration of the perpetrators and the victims often times being from around the world. In my eyes, this cyber terrorism needs to be viewed as an attack on our sovereignty, on our economy, and on our personal and corporate privacies. To fight it is to wage war against those who perform it and those nations who sponsor it – just like any other act of terrorism.