According to Yahoo News, President Obama plans to appoint a White House official to be in charge of coordinating the federal government’s response to cybercrime. This comes after years of reports of identity theft, many tens of thousands of viruses aimed at security holes in mostly Microsoft operating systems like Windows 98, XP, and 2000, and increasing system security problems for infrastructure (like energy companies and utilities). Click here for an article on hacking into the FAA air traffic control system. Click here for a summary of attacks on the U.S. Defense Department and the U.S. electrical grid.
The problem is certainly not going away, as the shadow market for hacking services is making a profit on successful attacks on systems. One matter not addressed today that might help improve security is the need for all information systems custodians to regularly report on security breaches. The federal government does keep track of and report on the number of attacks on federal government systems, but there is no single repository to keep track of attacks on private companies. There is obviously no incentive for a private company to report security problems, as this leads to fewer customers and could put the company out of business. But even a single, national and anonymous reporting system would be a start to help gauge the depth of the problem. Security problems are also a relevant consideration for consumers who might be giving data to a company to transact business, such as credit card, health, financial or other personal information. Consumers should have the right to know about the security practices of businesses, and the effectiveness of these practices in protecting information from unauthorized use.
Furthermore, unless the market reflects the cost of security in the pricing of services, businesses will continue to operate without sufficient security in place, and our economy will continue to be at risk of being shut down by terrorists and hackers. I suspect that this may be one of the areas where the market failure is so substantial that government intervention is justified to more seriously regulate computer security, especially in critical areas of the economy like banking, infrastructure, and the like.