Who pays the bill for a cyber war?

U.S. President Barack Obama (C) arrives at the U.S. Capitol for a meeting March 13, 2013 on Capitol Hill in Washington, D.C.

The growing threat of cyber attacks has put business on the front lines of national security. Today, President Obama met CEOs of American defense and technology companies -- in the Situation Room, no less -- to discuss how companies and the government can work together to bolster digital defense. The meeting followed warnings from intelligence, defense and counter-terrorism officials that cyber security could pose as big a threat as terrorism.

One clear impact of the White House cybersecurity push is pressure on business to do more. Stewart Baker, a former senior official at the Homeland Security Department and National Security Agency, says he just met with Silicon Valley execs who are feeling the heat.

“Their boards of directors are asking questions about their cybersecurity and whether they’ve had intrusions and how they’ve responded to them,” says Baker, who is now a partner at Steptoe & Johnson. “And that’s a direct result of the kinds of publicity we’re seeing for these attacks.”

Whether it’s companies or governments, figuring out the right budget for digital defense is tricky. They never really know when they’ve spent too much. And they only know if they’ve spent too little when they get hacked. Experts don’t even agree on how much is actually being spent now.

"One number says annual global spending on cybersecurity is $18 billion. Another number says it’s $60 billion," notes Jim Lewis, a senior fellow at the Center for Strategic and International Studies and a former State Department official.

Cybersecurity analysts say a lot of the money spent on digital security is wasted. In some cases, companies aren’t even doing the simple things right, unsexy stuff like managing passwords and updating software.

“This is not rocket science. That’ll remove about 80 percent of the successful attacks," Lewis says.

Then there’s the question of who foots the bill. America’s top cyber commander said yesterday there have been 140 attacks on Wall Street firms in the past six months. An attack on a large American company could damage the entire American economy. So companies argue the government should take more of the burden.

“There’s a sense that you want the government to come in and secure the cyber borders the same way the physical borders are secured,” says Tom Field, a vice president at Information Security Media Group, a cybersecurity trade publisher.

Field hears from a lot of execs frustrated that the government isn’t doing enough. On the other hand, taxpayers may not be too thrilled to pay for the security of private companies. We may not know what the tab will be, but it won’t be cheap.

Kai Ryssdal: The White House calls. Says the president wants you to come for a meeting. You get there this morning. They take you downstairs. Maybe way downstairs. People swipe their ID cards. Maybe there are biometric measuring devices.

All of a sudden, some door whooshes open -- and you're in the Situation Room. The real one -- not the one with Wolf Blitzer. You and a bunch of fellow defense and technology company CEOs there to talk cybersecurity.

This has been a week heavy on digital threats in Washington. Intelligence, defense and counter-terrorism officials have been sounding the alarm in speeches and on Capitol Hill. Today, the White House welcomed Beijing's willingness to hold talks on cyber threats.

But in the meanwhile, there was that meeting in the Situation Room. Marketplace's Mark Garrison has more on business at the front lines of national security.


Mark Garrison: One clear impact of the White House cybersecurity push is pressure on business to do more. Attorney Stewart Baker is a former senior official at the Homeland Security Department. He just met with Silicon Valley execs who are feeling the heat.

Stewart Baker: Their boards of directors are asking questions about their cybersecurity and whether they’ve had intrusions and how they’ve responded to them. And that’s a direct result of the kinds of publicity we’re seeing for these attacks.

America’s top cyber commander said yesterday there have been 140 attacks on Wall Street firms in the past six months. Whether it’s companies or governments, figuring out the right budget for digital defense is tricky. You never really know when you’ve spent too much. You only know if you’ve spent too little when you get hacked. Experts don’t even agree on how much is being spent now.

Jim Lewis: One number says annual global spending on cybersecurity is $18 billion. Another number says it’s $60 billion.

Jim Lewis is a cybersecurity expert at the Center for Strategic and International Studies. He says for all they spend, companies aren’t even doing the simple things right, boring stuff like managing passwords and updating software.

Lewis: This is not rocket science. That’ll remove about 80% of the successful attacks.

So, who should pay? Companies argue the government should take more of the burden. Tom Field is VP at Information Security Media Group, a trade publisher. He hears from a lot of frustrated execs.

Tom Field: There’s a sense that you want the government to come in and secure the cyber borders the same way the physical borders are secured.

Of course, taxpayers may not be too thrilled to pay for the security of private companies. We may not know what the tab will be, but it won’t be cheap. In New York, I'm Mark Garrison, for Marketplace.

About the author

Mark Garrison is a reporter for Marketplace and substitute host for the Marketplace Morning Report, based in New York.

Comments

I agree to American Public Media's Terms and Conditions.
With Generous Support From...