If You're Hacked, Blame the Government
The increasing vulnerability of companies to cyberattacks can be largely blamed on sluggish or nonexistent action on part of the U.S. government, say some security pros.
Washington has failed largely by not creating the proper system for sharing critical information, security experts said this week at First Data's Cyber Security Summit in New York.
"I'm monumentally frustrated with our government," said Art Coviello, executive chairman of RSA, the security division of EMC (EMC).
"There absolutely needs to be government leadership to share information timely to take some of the liability concerns and antitrust concerns away from us that would like to share information," Coviello said. "We are not getting leadership from our government."
"My biggest concern when we talk about these kind of problems today and all of the solutions that are already in the works is that I'd hate to see us -- having gone through 9/11-- go through 9/11 again to get this kind of change that we are talking about on the political side," Graham said.
"That sharing was pushed by the political side, and that sharing just isn't pushed right now, so that's the challenge."
The government has also failed to implement cybersecurity requirements for companies that are the backbone of critical infrastructure, Coviello said.
Last month, the Obama administration established a voluntary Cybersecurity Framework for critical infrastructure providers, %VIRTUAL-article-sponsoredlinks%which was a step in the right direction, but Congress is still "monumentally inactive," Coviello said.
Example: The Senate's failure to pass the Cyber Intelligence Sharing and Protection Act, which was introduced almost three years ago but has stalled because of privacy concerns.
"I'm all for privacy, but we've got to have some balance here. The administration has to lead and Congress has to act," Coviello said. "And we, all of us, have to push Congress to get these things passed."
But businesses shouldn't hold their breath for the government to do anything anytime soon, said John Watters, chairman and CEO of iSight Partners, a cyberthreat intelligence firm.
"Through a customer lens, [the government is] not going to be leading the charge of the change. It will have to come from the commercial sector at a commercial pace," Watters said.
"Commercial companies are going to have to lead the way."
More from CNBC
- Dangerous Website Attacks - and How to Avoid Them
- How Cybersecurity Pros Really Feel About Hackers
- Hacking America