U.S. needs to construct national cyber security policyReprints
A massive data breach at health insurer Anthem Inc. should provide more impetus for a long-overdue development — the formulation of a national cyber security strategy.
Fortunately, there are signs that the time is ripe for such a strategy. Earlier this month, the White House announced the creation of the Cyber Threat Intelligence Integration Center to help business and government deal with cyber crime. A few days later, Sen. Tom Carper, D-Del., introduced the Cyber Threat Sharing Act of 2015, S. 456, which is aimed at removing barriers in order to increase the sharing of cyber threat data between private industry and the federal government.
The data breach at Anthem involved nearly 80 million records and spurred state and federal investigations. The crime underscored that no data is safe from those criminal and, in some cases, state-sponsored actors that wish to profit monetarily or undermine commercial and national security.
Cyber crime knows no boundaries, which is why a national anti-cyber crime approach is the only one that could prove effective. Two components are particularly critical if such a strategy is able to work.
First, the private sector and the federal government must be able to share cyber risk information. That means that private concerns must be provided all reasonable liability protections as they voluntarily share information about threats and countermeasures in real time.
The second component is crafting a single national standard for reporting data breaches. Right now, myriad state laws set the standards. Given the nature of cyber crime, such a system is far from ideal.
Putting together a strategy won't be easy, and it won't be achieved quickly. Among other things, privacy concerns will have to be addressed in the context of the nature of cyber crime itself centers on the invasion of privacy. Sometimes it has seemed as if advocates of a comprehensive national cyber security strategy such as former House Intelligence Committee Chairman Mike Rogers, R-Mich., were voices in a cyber wilderness.
Those voices should have been heard much earlier. The Anthem data breach is yet more proof that working seriously toward a comprehensive national strategy cannot be put off any longer.