In last nightUs State of the Union Address, President Obama spoke about the need for our nation to fight against cybercrime.
From the White House transcript:
RNo foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our childrenUs information. If we donUt act, weUll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe.S
We agree with the President. Privacy is key. An individualUs data should be protected, and they should be guaranteed a reasonable expectation of privacy.
So what role can the government play in making that happen?
For starters, they can facilitate a national debate about disclosure and how much risk consumers should be expected to bear. Attackers are finding flaws that affect millions, and the industry is not reacting quickly enough to protect consumers. For example, if the auto industry were given 90 day windows before they had to recall faulty seatbelts, US citizens would be in an uproar. But, due to outdated responsible disclosure windows, this has become acceptable in technology. Mobile is increasing the speed of change within the industry while simultaneously putting all the burden on the consumer. We need to update our conversations accordingly around regulation and disclosure.
The government can advance the nationUs cybersecurity by taking leadership in protecting its own networks and mobile devices while continuing to share information with its DIB partners and other critical sectors. We welcome the governmentUs initiatives that continuously monitor risk on mobile devices of the federal workforce as well defining standards for mobile App Vetting criteria for use within its own departments and agencies. These best practices can then be shared with – and be an example for – the industry as a whole.
But the government canUt do it alone. Tech companies should be focused on security in every aspect of the software development lifecycle to help protect the data that we hold and trust so dearly. While we look to the government to lead, we also need to look to ourselves and our peers to ensure weUre taking the proper steps to protect our users and their data. As we grow and evolve around the changing landscape, we will become a more technologically secure society as a whole.