Return of the Guru

Cybersecurity Bill: Too Little, Too Late?

Ara Trembly
Insurance Experts' Forum, July 25, 2011

Last week, the Congressional Committee on Science, Space, and Technology announced that it unanimously approved H.R. 2096, the Cybersecurity Enhancement Act of 2011, a bill that coordinates research and related activities conducted across federal agencies to better address evolving cyber threats.

“By strengthening agency coordination and cooperation on cybersecurity research and development efforts, this bill will help address the comprehensive cybersecurity needs of the nation,” said Committee Chairman Ralph Hall (R-TX). “This is a good bill, and it represents an important step in Congress’s overall efforts to address cybersecurity issues.” 

Cybersecurity R&D is currently shared by several federal agencies, many under the jurisdiction of the Committee, the announcement said. This bipartisan bill primarily addresses efforts at the National Science Foundation (NSF) and the National Institute of Standards and Technology (NIST).

“Today’s hackers are no longer thrill-seeking teenagers,” said Rep. Michael McCaul (R-TX), one of the bill’s co-sponsors, in the announcement. “They are organized crime syndicates and national militaries that commit espionage. From thousands of miles away, increasingly sophisticated foreign adversaries are electronically infiltrating sensitive U.S. computer networks to obtain military technologies.”

According to the Committee, H.R. 2096 requires increased coordination and prioritization of federal cybersecurity R&D activities and the development and advancement of cybersecurity technical standards. Anyone who follows the ongoing battle between criminal hackers and legitimate enterprises realizes that better coordination among federal agencies is vital to fighting cyber-crime on a national and international level. This is a positive step, but—like many things we see from Congress—a baby step on a journey where giant steps are desperately needed.

As Rep. McCaul suggests, modern cyber-criminals and unfriendly governments are operating on a very sophisticated level to steal money and data—or to create havoc—in the government and corporate systems we have all come to depend upon in the U.S. Certainly, we want to coordinate our taxpayer-funded efforts to fight this. Beyond that, however, I’m not sure what having cybersecurity technical standards does to stop cyber-crime, unless it refers to all agencies being on the same page, which I heartily endorse.

Nevertheless, this bill amounts to the same thing as telling a group of five-year-old T-ball players to “play nice,” but providing no instruction on the basics of baseball and no equipment to play the game. We need a lot more than this if we hope to make headway in cybersecurity. We need a dedicated and well-funded federal agency that does nothing else but defend our interests in the cyber-world and that continues to evolve new security methods and solutions—just as criminals continue to come up with new ways to steal and cause problems.

Insurance and financial services are industries that are closely linked with government and corporate enterprises, so we can ill afford to tolerate ineffective measures when it comes to the security of the data that is our lifeblood.

One positive about the new bill is that it also “strengthens cybersecurity education and talent development and industry partnership initiatives,” says the Committee. There is a definite need to develop talented individuals who will devote themselves to defending our nation’s government and corporate systems. There is also a need, however, to provide a place for these individuals to ply their trade.

Much will hinge on the fuzzily-defined “public-private cooperation” hinted at in this bill. Unless we are serious about funding this effort and sticking it out for what will likely be many years to come, our efforts amount to little more than using a shot glass to bail water from a sinking ocean liner.

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Ara can be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.
