It seems that very few days pass before the news cycle churns up another story about a major breach in computer security affecting institutions and potentially millions of their consumers. The latest is a scheme targeting more than 100 banks in 30 different countries and netting the cyber thieves at least $1 billion.
News of the heist came just days after President Barack Obama signed an executive order urging companies to share threat information with each other and federal authorities. Unlike other recent uses of executive power, this action received bipartisan support, as it should. Aggressive action against cyber crime is overdue, as is a more comprehensive approach to the problem through congressional action, which remains under discussion but without any concrete proposals.
We are now stoutly past the point of arguing whether our computer systems are vulnerable. They are, as demonstrated by any number of recent incidents, including the infiltration of systems managed by Sony International Pictures, JP Morgan Chase, Home Depot, Target and others. The problem deserves high-priority response, and the president deserves credit for urging direct action, though leadership on this issue has been anemic given the severity of the threat.
Imagine the chaos that would ensue should hackers disrupt a critical system of digital infrastructure such as the FAA’s air traffic control system or any of the systems that facilitate trade in the commodities and equities markets. The damage could be irreparable and the losses catastrophic. As it stands now, when we engage in online commerce, we do so with a false sense of safety that is tantamount to a state of denial.
A successful strategy against cybercrime must be more about detection and prevention and less about deterrence and punishment once the deed is done. Two tenets must be embraced.
First, there should be, as the president has ordered, a collaborative network connecting all large public and private database managers and authorities from various state and federal agencies. This would facilitate a number of critical needs, including the ability to act quickly upon discovery of a breach.
Second, there needs to be uniformity in the area of consumer protection. Laws governing how and when consumers should be notified about breaches involving their private data are patchwork, varying from state to state. Congress needs to create a statutory system that serves consumers with better protection and communication.
Authority in this area falls squarely in the federal arena. Online commerce is interstate and international, as demonstrated in the coordinated attack on dozens of separate banking institutions around the world. Public concern over the matter transcends party lines. All of us are vulnerable, as Internet transactions now exceed $1 trillion annually.
There will always be some who will invent nefarious schemes to skim off some of those dollars. It’s the role of the federal government to stay ahead of the scammers. It will require investment of considerable resources as well as consistent leadership, coordination and acknowledgement the battle will be constant — and one we can’t afford to lose.