When it comes to bolstering cybersecurity -- safeguarding a wide array of computer networks that control everything from the U.S. electrical grid and water plants to financial and medical records -- meaningful protection is a long way off, even as cyberattacks score hit after hit on U.S. targets.
Businesses are increasingly vulnerable as cloud computing and mobile commerce gain in popularity. Both favor access and usability over security, and cybercriminals are taking notice. Many of the most vulnerable computer systems "were never designed to be secure," says Joe Weiss, managing partner at Applied Control Solutions LLC, which provides strategic consulting on industrial cybersecurity targets.
Cybertheft costs firms $1 trillion worldwide, which includes worker downtime, financial losses, physical repairs and rebuilding damaged business reputations.
From just $107.88 $24.99 for Kiplinger Personal Finance
Become a smarter, better informed investor. Subscribe from just $107.88 $24.99, plus get up to 4 Special Issues
Sign up for Kiplinger’s Free Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
Also on the rise: more-sophisticated malware, such as the Stuxnet computer worm and Aurora, a China-originated attack on Google, Adobe Systems, Morgan Stanley, Dow Chemical and other companies. What's more, many breaches go unnoticed for weeks. Note that the U.S. and Israel secretly used the Stuxnet worm to crash nearly 1,000 centrifuges critical to the development of Iran's nuclear program. And "it's much easier to attack our power companies than centrifuges in Iran," says Alan Paller, director of research at SANS Institute, a cybersecurity training school.
The problem is, there's no cheap fix. Experts say U.S. firms would have to triple spending over their current budgets to ward off attacks. And putting every exposed weakness behind a firewall would cost even more.
The cost factor is largely behind Congress' inability so far to pass legislation that would begin to address needed standards and other steps to stop cyberattacks.
Lawmakers removed a provision requiring firms to comply with government standards on cybersafety in favor of voluntary compliance, but even the dilution draws protests. Business groups say a cybersecurity law would create burdensome regulations, with no guarantee of success. They’re also reluctant to share data with the feds.
"In all my years working to identify vulnerabilities to our national security, I can't think of an area where the threat is greater and where we have done less," says Sen. Susan Collins of Maine, the ranking Republican on the Senate Committee on Homeland Security and Governmental Affairs.
A bill still can pass later this year or next, however. The White House, CIA and National Security Agency will make it clear that they're not just crying wolf. The bill would set up a national cybersecurity council that would recommend standards. In coming years, even more stringent rules for sharing vital intelligence between businesses and government are likely, particularly if voluntary efforts fall short.
Spending on security measures will be ramped up, growing by 10% a year in the U.S. over the next five years. Should there be a big attack, spending will soar. Poised for big paydays: tech firms that specialize in online security -- Cisco, Oracle, McAfee, Symantec, IBM, Trend Micro, EMC and others.
There will be roaring demand for cybersecurity experts. The government alone wants to hire at least 10,000 specialists in coming years. The private sector will add 100,000. The median pay for "white hat" hackers and other experts will approach six figures.
Despite the debate and delay, the government, and eventually businesses defined as critical infrastructure, will have to take action, because it's a matter of when, not if, a potentially crippling cyberattack will occur. The question is, how prepared will the U.S. be to mitigate the damage?
-
Dow Adds 646 Points, Hits New Highs: Stock Market TodayIt was "boom" for the Dow but "bust" for the Nasdaq following a December Fed meeting that was less hawkish than expected.
-
5 Types of Gifts the IRS Won’t Tax: Even If They’re BigGift Tax Several categories of gifts don’t count toward annual gift tax limits. Here's what you need to know.
-
The 'Scrooge' Strategy: How to Turn Your Old Junk Into a Tax DeductionTax Deductions We break down the IRS rules for non-cash charitable contributions. Plus, here's a handy checklist before you donate to charity this year.
-
Kiplinger's 2020 Election ForecastPolitics For nearly a century, The Kiplinger Letter has forecasted the outcome of presidential elections to keep readers informed of what's coming and what it means for them. Here's our call for 2020.
-
How the GOP Tax Bill May Affect BusinessesBusiness Costs & Regulation Corporations would enjoy a lower flat tax rate while individual owners of pass-throughs would also see a lower rate, but with more complex terms.
-
The Long Slog in Congress After Comey
Politics Trump's firing of the FBI director ruffled congressional feathers, but not enough to spur an independent investigation into Russian meddling in the 2016 U.S. election.
-
Trump’s Tax Reform Plan Faces Tough ChallengesPolitics A one-page outline isn't enough to satisfy a Congress interested in the details — and protecting constituents.
-
Trump's Agenda and ChallengesPolitics What lies ahead for the President-Elect.
-
Clinton on Track to Win 2016 Presidential Election
Politics Trump can win the White House, but faces an uphill climb.
-
New Overtime Rules Will Hit Businesses This YearBusiness Costs & Regulation A change in salary threshold will make more workers eligible for extra pay.
-
Bumpy Road Ahead in 2016 Presidential Race
Politics Trump will get a bounce after the Republican convention, but Clinton is poised to regain ground.
