When it comes to bolstering cybersecurity -- safeguarding a wide array of computer networks that control everything from the U.S. electrical grid and water plants to financial and medical records -- meaningful protection is a long way off, even as cyberattacks score hit after hit on U.S. targets.
Businesses are increasingly vulnerable as cloud computing and mobile commerce gain in popularity. Both favor access and usability over security, and cybercriminals are taking notice. Many of the most vulnerable computer systems "were never designed to be secure," says Joe Weiss, managing partner at Applied Control Solutions LLC, which provides strategic consulting on industrial cybersecurity targets.
Cybertheft costs firms $1 trillion worldwide, which includes worker downtime, financial losses, physical repairs and rebuilding damaged business reputations.
Sign up for Kiplinger’s Free E-Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
Also on the rise: more-sophisticated malware, such as the Stuxnet computer worm and Aurora, a China-originated attack on Google, Adobe Systems, Morgan Stanley, Dow Chemical and other companies. What's more, many breaches go unnoticed for weeks. Note that the U.S. and Israel secretly used the Stuxnet worm to crash nearly 1,000 centrifuges critical to the development of Iran's nuclear program. And "it's much easier to attack our power companies than centrifuges in Iran," says Alan Paller, director of research at SANS Institute, a cybersecurity training school.
The problem is, there's no cheap fix. Experts say U.S. firms would have to triple spending over their current budgets to ward off attacks. And putting every exposed weakness behind a firewall would cost even more.
The cost factor is largely behind Congress' inability so far to pass legislation that would begin to address needed standards and other steps to stop cyberattacks.
Lawmakers removed a provision requiring firms to comply with government standards on cybersafety in favor of voluntary compliance, but even the dilution draws protests. Business groups say a cybersecurity law would create burdensome regulations, with no guarantee of success. They’re also reluctant to share data with the feds.
"In all my years working to identify vulnerabilities to our national security, I can't think of an area where the threat is greater and where we have done less," says Sen. Susan Collins of Maine, the ranking Republican on the Senate Committee on Homeland Security and Governmental Affairs.
A bill still can pass later this year or next, however. The White House, CIA and National Security Agency will make it clear that they're not just crying wolf. The bill would set up a national cybersecurity council that would recommend standards. In coming years, even more stringent rules for sharing vital intelligence between businesses and government are likely, particularly if voluntary efforts fall short.
Spending on security measures will be ramped up, growing by 10% a year in the U.S. over the next five years. Should there be a big attack, spending will soar. Poised for big paydays: tech firms that specialize in online security -- Cisco, Oracle, McAfee, Symantec, IBM, Trend Micro, EMC and others.
There will be roaring demand for cybersecurity experts. The government alone wants to hire at least 10,000 specialists in coming years. The private sector will add 100,000. The median pay for "white hat" hackers and other experts will approach six figures.
Despite the debate and delay, the government, and eventually businesses defined as critical infrastructure, will have to take action, because it's a matter of when, not if, a potentially crippling cyberattack will occur. The question is, how prepared will the U.S. be to mitigate the damage?
-
Strategies to Optimize Your Social Security BenefitsTo maximize what you can collect, it’s crucial to know when you can file, how delaying filing affects your checks and the income limit if you’re still working.
-
Don’t Forget to Update Beneficiaries After a Gray DivorceSome states automatically revoke a former spouse as a beneficiary on some accounts. Waivers can be used, too. Best not to leave it up to your state, though.
-
AI Regulation is Looming: Kiplinger Economic ForecastsEconomic Forecasts Find out what Washington and regulators have planned for artificial intelligence.
-
The Biden Tax Plan: How the Build Back Better Act Could Affect Your Tax BillPolitics Depending on your income, the Build Back Better Act recently passed by the House could boost or cut your future tax bills.
-
Kiplinger's 2020 Election ForecastPolitics For nearly a century, The Kiplinger Letter has forecasted the outcome of presidential elections to keep readers informed of what's coming and what it means for them. Here's our call for 2020.
-
The 2020 Election and Your MoneyPolitics We’ve assessed how the presidential candidates’ stances on financial issues will affect your wallet.
-
5 HEROES Act Provisions with a Good Chance of Becoming LawPolitics The massive federal stimulus bill just passed by the House of Representatives is "dead on arrival" in the Senate. But a few proposals in the bill have enough bipartisan support to eventually become law.
-
Vote by Mail: A State-by-State Guide to Absentee Ballot VotingPolitics With health authorities recommending people continue to social distance, the idea of voting by mail is becoming an increasingly hot topic.
-
9 Ways COVID-19 Will Change the 2020 ElectionsPolitics The 2020 election will be like no other in history, as the COVID-19 pandemic will upend the business of politics as usual.
-
How to Run for Local OfficePolitics If you’ve ever thought that you could do a better job than the elected officials currently in office, here’s how to launch a campaign—and win.
