There was a great deal of anticipation about President Obama’s participation in the recent conference on cybersecurity at Stanford University, in the heart of Silicon Valley, where he met with high-tech company executives last week.
It wasn’t a shocking surprise, however, that the Government’s proposal, to be enshrined into a Presidential Order, in reality only boils down to a call for sharing misery tales between the Government and private companies. Once the political rhetoric is stripped away this approach doesn’t offer any improvement in cyber security. The reality is that hacks are usually discovered months or even years after the fact, when all the damage has already been done. That’s assuming the hack is even detected in the first place.
It’s not the best kept secret in town that most hacks, and certainly the most dangerous ones, are rarely or never detected, or only long after the fact. A great example is the recently announced international multi-bank hack that netted somewhere between $300 million and $1 billion to the unknown attackers. See http://www.nytimes.com/2015/02/15/world/bank-hackers-steal-millions-via-malware.html?emc=edit_th_20150215&nl=todaysheadlines&nlid=58721173&_r=0
The vagueness in the loss assessment speaks very loudly to how little the cyber security experts involved know about the hack even now. And, of course, they haven’t a clue as to who did it. Not to mention that it took them two years to discover the loss.
On the more optimistic side there is a rising public awareness of the problem that sooner or later will lead to a public demand for the development of a true cyber security technology. Unfortunately, this is unlikely before the pain from cyber attacks becomes really intolerable, probably as a result of a massive loss of human life.