A Cyber Expert’s Take: Government Hasn’t Done Enough

Fred Cate, Indiana University professor of law and senior fellow with the IU Center for Applied Cybersecurity Research talks to Government Technology.

“The government’s not nearly done what it should,” he says. “We have no obligation to protect data.”

The article compares cybersecurity regulations to those of a car – safety measures such as seat belts and air bags and testing have to be in place for cars, but for cybersecurity, well, where are the seatbelts?

Cate raises the concern of how cyber attacks are becoming more sophisticated.

“When we think about the risk of attacks, what we are seeing a lot more of are organized attacks,” he told Government Technology.

Though information sharing is usually the key focus of legislation, there are other things the government can do. For example, the article explains, companies could be held liable when money is lost by other companies or individual people because of a data breach. But it may be hard to bring these kinds of changes to fruition.

“Every year, after every major attack, we say ‘This will be the year,’ and in a rational world, it would,” Cate tells Government Technology. “But Congress and the President – it isn’t rational. It’s really just a crap shoot. It’s like rolling dice.”

Some of Cate’s final points:

  • Biggest problem in data security? People. Most breaches have a human element (e.g. someone clicking on a link they shouldn’t).
  • More cybersecurity research needed but not enough funding.
  • Education about data security is important – and why not start it in elementary schools?
  • Cyber risk is a multifaceted problem.

“It’s lots of information – it’s part of what makes cybersecurity so hard to deal with,” Cate concludes in the article. “Nobody’s got a silver bullet.”

 

For the original article, click here:

http://www.govtech.com/security/Cybersecurity-Expert-Says-Government-Hasnt-Done-Enough-to-Protect-Data.html