Four Things the Private Sector Must Demand on Cyber Security
By Steven Weber
On Friday, May 31 at the Shangri-La Security Dialogue in Singapore, US Defense Secretary Chuck Hagel said that cyber threats posed a "quiet, stealthy, insidious" danger to the United States and other nations.
Wait a minute. What exactly is quiet and stealthy about a security issue that Hagel's colleague General Keith B. Alexander, the Director of the National Security Agency, labeled just a few weeks earlier the source of the "greatest transfer of wealth in history" from US companies to foreign hackers?
For companies and organizations that allocate vast sums of money and some of their best technical talent to the challenge of trying to protect their networks from thousands of cyberattacks daily, there's nothing quiet or merely insidious about what's going on. Remember the summer of 2001 when CIA Director George Tenet said of the Al-Qaeda threat "the system was blinking red" but few around him seemed to grasp the urgency? I believe the cyber threat right now has much the same character. You don't have to be a master of the extraordinarily complicated and highly technical details of the issue to recognize this important signal: almost universally, you will find that the more an organization's technical people know about the nature of the threat-response dynamic, the more worried they are about who is going to win that race....
Steven Weber is a professor of the School of Information at UC Berkeley, where he works at the intersection of technology markets, intellectual property, and international relations.