Advertisement
Politics

Congress Fiddles as Cyberattacks Intensify

Firms are opposed to costly new laws. But they might have the most to lose.

When it comes to bolstering cybersecurity -- safeguarding a wide array of computer networks that control everything from the U.S. electrical grid and water plants to financial and medical records -- meaningful protection is a long way off, even as cyberattacks score hit after hit on U.S. targets.

Businesses are increasingly vulnerable as cloud computing and mobile commerce gain in popularity. Both favor access and usability over security, and cybercriminals are taking notice. Many of the most vulnerable computer systems "were never designed to be secure," says Joe Weiss, managing partner at Applied Control Solutions LLC, which provides strategic consulting on industrial cybersecurity targets.

Cybertheft costs firms $1 trillion worldwide, which includes worker downtime, financial losses, physical repairs and rebuilding damaged business reputations.

Advertisement - Article continues below

Also on the rise: more-sophisticated malware, such as the Stuxnet computer worm and Aurora, a China-originated attack on Google, Adobe Systems, Morgan Stanley, Dow Chemical and other companies. What's more, many breaches go unnoticed for weeks. Note that the U.S. and Israel secretly used the Stuxnet worm to crash nearly 1,000 centrifuges critical to the development of Iran's nuclear program. And "it's much easier to attack our power companies than centrifuges in Iran," says Alan Paller, director of research at SANS Institute, a cybersecurity training school.

Advertisement
Advertisement - Article continues below

The problem is, there's no cheap fix. Experts say U.S. firms would have to triple spending over their current budgets to ward off attacks. And putting every exposed weakness behind a firewall would cost even more.

The cost factor is largely behind Congress' inability so far to pass legislation that would begin to address needed standards and other steps to stop cyberattacks.

Lawmakers removed a provision requiring firms to comply with government standards on cybersafety in favor of voluntary compliance, but even the dilution draws protests. Business groups say a cybersecurity law would create burdensome regulations, with no guarantee of success. They’re also reluctant to share data with the feds.

Advertisement - Article continues below

"In all my years working to identify vulnerabilities to our national security, I can't think of an area where the threat is greater and where we have done less," says Sen. Susan Collins of Maine, the ranking Republican on the Senate Committee on Homeland Security and Governmental Affairs.

A bill still can pass later this year or next, however. The White House, CIA and National Security Agency will make it clear that they're not just crying wolf. The bill would set up a national cybersecurity council that would recommend standards. In coming years, even more stringent rules for sharing vital intelligence between businesses and government are likely, particularly if voluntary efforts fall short.

Spending on security measures will be ramped up, growing by 10% a year in the U.S. over the next five years. Should there be a big attack, spending will soar. Poised for big paydays: tech firms that specialize in online security -- Cisco, Oracle, McAfee, Symantec, IBM, Trend Micro, EMC and others.

There will be roaring demand for cybersecurity experts. The government alone wants to hire at least 10,000 specialists in coming years. The private sector will add 100,000. The median pay for "white hat" hackers and other experts will approach six figures.

Despite the debate and delay, the government, and eventually businesses defined as critical infrastructure, will have to take action, because it's a matter of when, not if, a potentially crippling cyberattack will occur. The question is, how prepared will the U.S. be to mitigate the damage?

Advertisement

Most Popular

12 Tax Deadlines for July 15 (It's Not Just the Due Date for Your Tax Return)
tax deadline

12 Tax Deadlines for July 15 (It's Not Just the Due Date for Your Tax Return)

Between due dates for IRA or HSA contributions, paying estimated taxes and other deadlines, there's more to do by July 15 than just filing your federa…
July 10, 2020
65 Best Dividend Stocks You Can Count On
stocks

65 Best Dividend Stocks You Can Count On

These 65 Dividend Aristocrats are an elite group of dividend stocks that have reliably increased their annual payouts every year for at least a quarte…
July 8, 2020
Know Why Your Credit Score Changes: 9 Money Moves to Consider
credit & debt

Know Why Your Credit Score Changes: 9 Money Moves to Consider

Your credit score is a key indicator of your financial well-being and of the risk you pose to lenders. How good is yours?
July 10, 2020

Recommended

Travel Planning in the Time of Coronavirus
Travel

Travel Planning in the Time of Coronavirus

Insurance may not cover canceled vacations, but airlines and hotels may be flexible.
June 11, 2020
13 Things That May Soon Disappear Forever (The Pandemic Edition)
business

13 Things That May Soon Disappear Forever (The Pandemic Edition)

Emerging technologies (and now the COVID-19 pandemic) are putting an end to these familiar items and practices.
June 9, 2020
Don't Let the Drama Surrounding PPP Distract You from Running Your Business
business

Don't Let the Drama Surrounding PPP Distract You from Running Your Business

If you're so wrapped up in worry about your Paycheck Protection Program loan not being forgiven, think about the worst-case scenario. It might not be …
June 5, 2020
Another Epidemic to Worry About: Identity Theft
business

Another Epidemic to Worry About: Identity Theft

Fraud losses grew in 2019 and are likely to increase in 2020.
June 5, 2020