Page Loader Logo
Loading...
833-847-3280
Schedule a Call
Partner With Us

State of the Union Thoughts

As I watched the State of the Union speech, I waited for almost an hour to hear the President mention some of the cybersecurity initiatives that were released last week to titillate government, businesses and consumers to believing that, for once, cybersecurity was going to be taken seriously as a substantiated threat to our economic future.

When the news was released almost two weeks ago about some of these “critical” cybersecurity initiatives, not many in the cybersecurity realm were impressed. Most of what was mentioned — the 30 day breach notification, release of FICO scores, legislation about cybersecurity sharing, criminalizing the sale of Personally Identifiable Information (PII), would not do much to secure the critical data that businesses and consumers need to protect. Still, these ideas are an improvement, but not one of these initiatives were mentioned last night.

To Mr. Obama’s credit, he now understands that cybersecurity attacks are a danger to the U.S economy and is the first President to mention them in a SOTU address. However, as we know, the difference between talking and taking necessary action is a large one and will require levels of bi-partisan support not usually seen in today’s politics. Fortunately, most members of Congress realize this and, with some of the legislation on the books, the most recent being the Cyber Information Sharing Act of 2014 (which made it out of committee but did not make it to a floor vote), the support is there. With the impact of recent hacks on businesses culminating in their mention in last night’s address, it is certain that this will be taken up first by Congress.

But the devil is in the details. While making talking points for the middle class with phrases like “hackers cannot invade the privacy of families, especially our children,” and “we will pass legislation to combat ID thef…,” it is also intellectually dishonest to infer that the government can prevent hacking, through any means, against corporations or private citizens. If the government used the legal, military, political and economic capabilities collectively, it might diminish the national threat, but to infer that the government can protect every citizen and company is to provide false hope.

But it is Mr. Obama’s mentioning of passing legislation to combat ID theft amongst other grand objectives that should concern the American citizen and business owner most. The issue of legislating cybersecurity is the one area that will have the most significant impact on all the stakeholders in cybersecurity: the government, large businesses, small and mid-size businesses (SMB) and the consumer. The very aspects that this legislation must address: integration of intelligence; sharing of hacking data and individual information; indemnification of participating companies; privacy of corporate and personal information; increasing the ability of law enforcement to investigate and prosecute cyber criminals; the potential for another government bureaucracy; and more mandates posing critical challenges to the development of a well thought out bill.

As proven by previous attempts to pass legislation, whether its cybersecurity, health care, or finance, bills rushed through Congress in the heat of the moment are rarely thought through and carry significant risks that they will not cure the problems they were intended to address. Much careful thought on the part of Congress, businesses of all sizes, the cybersecurity environment academia, law enforcement and more importantly the American citizen should be conducted before a draft measure is even proposed.

While cybersecurity seems to be a hot topic, the administration and well-intentioned Congressmen should take their time in pushing through legislation and bills in order to earn the respect of all stakeholders in cybersecurity. While there is no doubt that Mr. Obama’s initiatives are a good start, care should be taken to ensure that cybersecurity threats are addressed, but not at the expense of entangling corporations in government regulations and endangering the privacy of all American citizens.

Latest Posts

A transparent image used for creating empty spaces in columns
Welcome to today’s briefing on a crucial topic in the realm of cybersecurity: internal network penetration testing. Now, I know that the term might sound a bit intimidating but fear not. By the end of this discussion, you’ll have a solid understanding of what it…
A transparent image used for creating empty spaces in columns
 In the world of cybersecurity, there’s a misconception that a clean pen testing report means something was missed or the test wasn’t thorough enough. But here’s the truth: receiving a clean report from your penetration test is not only a positive outcome—it’s a testament…
A transparent image used for creating empty spaces in columns
Hey there, folks! Let’s get one thing straight: when MainNerve talks about penetration testing, we’re diving deep into the world of cybersecurity. But hey, we know what people think when we say “penetration testing.” So, buckle up because we’re about to compare pen testing to…
A transparent image used for creating empty spaces in columns
 In the fast-paced world of managed IT services, we know that time is money. Your clients rely on you to keep their systems secure, and you need partners who can deliver top-notch services without slowing you down. If you’re a Managed Service Provider (MSP)…
A transparent image used for creating empty spaces in columns
The primary purpose of performing a penetration test is to simulate real-world attacks on a computer system, network, or application. This is done by skilled cybersecurity professionals, who are tasked with identifying vulnerabilities and weaknesses that malicious actors could exploit. Their role is crucial in…
A transparent image used for creating empty spaces in columns
 If your business relies on older technology, you’ll want to listen up. We’re highlighting a critical weakness in many organizations’ defenses: legacy systems. What Are Legacy Systems? Legacy systems are outdated technologies that are no longer supported with updates or patches from their creators.…
contact

Our Team

Name(Required)
This field is for validation purposes and should be left unchanged.
quick links to

Our Services

On Load
Where? .serviceMM
What? Mega Menu: Services
201 E Pikes Peak Ave Suite 2025
Colorado Springs, CO 80903