Awareness Month: Just a Fading EchoPlenty of Talk but Not Much Action
But how effective has this annual promotion of cyber hygiene been in providing a more secure computing environment?
There's plenty of talk about taking steps to be more secure, but many question whether the government is doing enough to protect its own systems as well as work with the private sector to assure the security of the nation's critical IT infrastructure.
Despite all our efforts, the market still doesn't appreciate how much good cybersecurity is worth.
And, it seems, most people - whether in Congress or throughout the nation - don't truly care about IT security. They understand the threat but don't feel threatened. Even when something bad happens, it's often viewed as a temporary inconvenience. It's sort of like the threat of cancer; we're aware of our vulnerability, but we don't exercise, don't change our diets and, for one in five of us, we don't quit smoking.
The most visible advocate of cybersecurity and the No. 1 protector of our digital assets is the federal government, but despite the warning signs, in more than a half decade, Congress has failed to implement any significant cybersecurity legislation. That doesn't mean those in government aren't taking steps to secure IT, they are, but much more still must be done. And, the reason for the reticence among lawmakers is simple: their constituents aren't demanding any action despite all the warning signs.
"A few short months after major intrusions that put customers' personal and financial information in the hands of criminals, both Sony's and Citi's stock prices barely reflect anything amiss," Rep. Jim Langevin, the Rhode Island Democrat who co-founded the House Cybersecurity Caucus, said in a speech delivered at the Brookings Institute this past week. "The reason for this is more than good PR; it is because, despite all our efforts, the market still doesn't appreciate how much good cybersecurity is worth."
Langevin refers to the current situation as "the silent cyber crisis," saying it has grown to the point where it can no longer be ignored. "Some say it will take a 'Cyber 9/11' or 'Digital Pearl Harbor' that inflicts severe damage to our power grid, water supply or financial system to convince the public and the markets that cybersecurity is a worthwhile investment," Langevin said. "I have been fighting to make sure it does not take an emergency, but I fear we are running out of time."
He's right, though something less catastrophic - such as hackers taking down Facebook - could get citizens to feel the real threat and get their congressional representatives to act.
In an age when we're inundated with news and information - Occupy Wall Street, the GOP primary debate over the flat tax and immigration, the Arab spring, European debt crisis - the events of the day become white noise drowning out the call to become more proactive in all manners of securing IT. Even when heard, awareness, unfortunately, doesn't equate action.