Brian Krebs, once again, has made me angry. His report described how Experian, the credit reporting business, has perpetrated cybersecurity negligence. In this latest data breach, Experian has allowed identity thieves access to my financial data. And I’m still smarting from the calamity of the 2017 Equifax data breach.
Filled with righteous indignation, I wrote my congressional representatives to ask that they join Senator Ron Wyden in holding these reporting bureaus (and Experian in particular) accountable for their cavalier handling of our data. It’s high time to publicly name and shame those negligent of their professional responsibilities to protect our information. I look forward to Experian executives having to explain their egregious behavior.
The constant streams of data leaked by companies and organizations undermine our nation’s confidence in and reliance on cyberspace. As I speak to community groups about cybersecurity, I hear a growing sense of helplessness, resignation, and fatigue. Congress needs to act to shore up our confidence in data stewardship and give our citizens hope that solutions are possible and underway.
Fortunately, several Federal agencies are stepping up to this challenge with regulatory proposals, mainly on a sector-by-sector basis. This is prudent because the FTC, FCC, SEC, TSA, etc., have unique insights and communication methods with their constituent industries. Agencies should work closely to promote best practices, building consensus and standards of practice that each sector can adopt and encourage peers in their industry to adopt. Peer pressure and standards of practice are potent tools for promoting the adoption of security solutions. The Financial Services Information Sharing and Analysis Center (FS-ISAC) is an outstanding example of a sector responding affirmatively to this crisis.
The Cybersecurity and Infrastructure Security Agency’s ISAC methodology is admirable for working with the private sector. However, most of the responsibility, authority, creativity, and resources to staunch the data bleeding reside with the private sector. Therefore, the ISACs and public-private partnerships should be endorsed by Congress, hopefully on a bipartisan basis, so that our nation protects itself from adversaries, foreign and domestic, that would undermine our progress toward a digital economy.
In addition, we need an independent investigatory body to research and document cyber incidents. The National Transportation Safety Board is an example of how incidents are studied and understood, and lessons are learned. The FAA then uses these findings to promulgate regulatory solutions. Over time the NTSB and FAA have dramatically improved transportation safety and security. Industry leaders have seen participation in the process and compliance with regulations as a competitive and reputational advantage.