
The presidential debate, as entertaining as it was for many, was a great place to hear about the focus needed on cybersecurity issues in this country. Both candidates, Hillary Clinton and Donald Trump, were asked the following question on the topic of cybersecurity in the U.S.:

“On securing America. We want to start with a twenty first century war happening every day in this country. Our institutions are under cyber attack, and our secrets are being stolen. So my question is, who’s behind it? And how do we fight it?”

It appeared that both candidates made comments to show that this topic was of vital importance to the security of the US and our data.

While much of the focus of the comments was on Russia as an adversary, I think it’s safe to say that the attacks against the US come from a variety of sources that we need to be on the defense against as a nation.

So what should we do?

There are many opinions on this, but mine includes having the Internet Service Providers be responsible for providing “cleaner” traffic down to end users.

An ISP could do some basic “blocking and tackling,” such as checking network traffic for viruses or blocking certain countries that have shown that they won’t cooperate with the prosecution of hackers who attack US companies and individuals.

What else can be done?

Along with the attention being given to this topic by the Presidential candidates, it would be good to see more mandates pushed down around things such as cybersecurity event correlation, data sharing, and standards for non-government entities.

For example, it should not be the norm now for a large corporation to go without security basics such as SIEM tools with advanced threat intelligence powering them, managed by an outside entity. I think it’s pretty clear that most corporations, regardless of size, cannot (or simply will not) adequately staff their cybersecurity operations center to monitor threats to the corporate data they are responsible for.

If the new President were to mandate that certain protections need to be in place for any corporate entity that stores, processes, or handles consumer, financial, healthcare, and payment data, it would go a long way towards setting the bar higher than it is now.

Sure, we have PCI and HIPAA regulations, but many of those are “checkbox” regulations today that are loosely audited and without real ramifications until after a major breach.

What about data sharing?

This is an area where I think we need some real governmental reform. It’s a shame when there is data out there on how to protect a company from hackers, but it’s only available to those with certain security clearances or those that subscribe to a paid feed of threat intelligence.

Sure, there are local and regional groups that try their best to set up private sharing methods, but I think what is really needed is a directive that all threat intelligence that can help better protect a corporate entity should be made available to those that need it.

After all, why would anyone keep that information from a company that could use it to defend themselves?