That word was my conclusion leaving a recent San Diego event on cyber-security. My city is exceptionally well organized around this topic, which makes my feeling all the more compelling. We have a non-profit to advance awareness, education, and preparation. A collaborative center for researchers exists. An economic cluster for cyber-security and the Internet of Things has been organized to attract money, established companies and talent to San Diego to further strengthen our security. And still another group is solving the workplace shortage of security experts. We are building a community more secure from a cyber attack of significant impact than most other cities.
But listening to the speakers at the symposium, I observed a passionate group of do-gooders holding their fingers in an increasingly fragile dike. One speaker captured our reality in a single sentence, “It will take one huge crisis – like an attack on our all our water districts” to wake people up.
If the Sony hacking did not scare us enough, what will? The FBI told the CEO of Sony Entertainment that Sony had excellent cyber-security. Specifically, 90% of companies in the US would have fallen victim to a similar attack.
Cyber-security presents a classic public goods problem. The more secure you are, the more secure I am to the extent our on-line lives intersect. But none of us acknowledge our cyber interdependency when we make decisions personally and organizationally about how much to invest in digital security. Our value calculation only incorporates how we directly benefit versus what we pay, not how others will benefit from our added security. As a result, we collectively under invest in digital protection relative to the level in society’s best interests.
One critical role of government is to catalyze an adequate provision of vital public goods, like cyber security. Investments in research, education, and solutions are government’s levers. Another tool is regulations that make it far more costly for suppliers, buyers and users of digital devices to ignore security. Fortunately, there’s some movement along all fronts.
The military has increased its spending on cyber security. Publicly owned companies must report on the risks they face from cyber-security issues and how they are minimizing them. And there is talk of holding C-Suite executives personally liable for privacy breaches of their employees or customers. (But how much do you want to bet that won’t pass?) And venture capitalists and start-ups, as well as giant tech companies like IBM, see the business opportunity in security, which will advance needed innovations.
But is it enough? We are becoming ever more dependent on digital communications and devices. Security experts must be right 100% of the time. Hackers only need to win the lottery once. And as our military might and those around the globe who hate us grow, we are likely to be attacked at our most vulnerable spots. Yesterday an airplane and buildings. Tomorrow, air traffic control by hacking the GPS system.
Cyber security is a surmountable problem. But it requires a long-term perspective. That is why I feel doomed. Politicians lack a long-term perspective. How else do you explain a Congress funding equipment the Defense Department does not want, rather than spending more money on cyber-security research? Corporations care more about this quarter’s bottom line and stock price than a vague risk somewhere in the future. And most of us know too little about security for our identity protection. Kids, work, fun, and sleep take priority.
One of the speakers suggested we all create a C-bag. It contains an electronic record of every important document we have – birth certificates, our marriage certificate, title deeds, settled and current mortgages, account numbers, passwords, etc. Keep it in a safe place, she argued, outside your house. It struck me that what I need as well are paper copies of valuable documents. There will likely be a time when access to computers will not be available.
Tomorrow, as you go about your life, become aware of how much you and we rely on technology. You’ll start your bag. You might also have a different stance on government regulation. Sometimes, it’s exactly what the public commons needs.
Copyright, 2014 Kay Plantes