The growing threat of cyber attacks has put business on the front lines of national security. Today, President Obama met CEOs of American defense and technology companies -- in the Situation Room, no less -- to discuss how companies and the government can work together to bolster digital defense. The meeting followed warnings from intelligence, defense and counter-terrorism officials that cyber security could pose as big a threat as terrorism.
One clear impact of the White House cybersecurity push is pressure on business to do more. Stewart Baker, a former senior official at the Homeland Security Department and National Security Agency, says he just met with Silicon Valley execs who are feeling the heat.
“Their boards of directors are asking questions about their cybersecurity and whether they’ve had intrusions and how they’ve responded to them,” says Baker, who is now a partner at Steptoe & Johnson. “And that’s a direct result of the kinds of publicity we’re seeing for these attacks.”
Whether it’s companies or governments, figuring out the right budget for digital defense is tricky. They never really know when they’ve spent too much. And they only know if they’ve spent too little when they get hacked. Experts don’t even agree on how much is actually being spent now.
"One number says annual global spending on cybersecurity is $18 billion. Another number says it’s $60 billion," notes Jim Lewis, a senior fellow at the Center for Strategic and International Studies and a former State Department official.
Cybersecurity analysts say a lot of the money spent on digital security is wasted. In some cases, companies aren’t even doing the simple things right, unsexy stuff like managing passwords and updating software.
“This is not rocket science. That’ll remove about 80 percent of the successful attacks," Lewis says.
Then there’s the question of who foots the bill. America’s top cyber commander said yesterday there have been 140 attacks on Wall Street firms in the past six months. An attack on a large American company could damage the entire American economy. So companies argue the government should take more of the burden.
“There’s a sense that you want the government to come in and secure the cyber borders the same way the physical borders are secured,” says Tom Field, a vice president at Information Security Media Group, a cybersecurity trade publisher.
Field hears from a lot of execs frustrated that the government isn’t doing enough. On the other hand, taxpayers may not be too thrilled to pay for the security of private companies. We may not know what the tab will be, but it won’t be cheap.