Recent days have produced real and unprecedented signs of concerted efforts to begin to solve global cybersecurity problems. Most importantly, reports by knowledgeable observers have surfaced of a lull in Chinese cyber-attacks against the US and US companies in the past few months, following the massive OPM breach and long series of successful attacks against US health insurers, apparently in anticipation of the focus on those attacks by Presidents Obama and Xi Jinping in their meetings this week, and related to areas of consensus that have recently been explored by delegations in anticipation of those meetings. Adoption of a code of conduct may be achieved. The economic moment appears to many to be one in which mutual interest in a meaningful pact has a real chance, but experts on President Xi do not expect a change in his strategy based on those interests.
Even in the ridiculous reality show that the U.S. presidential race has become, signs of cyber-seriousness have been been spotted. Perhaps not so much, you say, in John McAfee’s cyber-security-focused candidacy, but perhaps more in these words published Saturday by former RSA head Art Coviello:
Fat chance, you say, but perhaps fatter than it seems, because Coviello is saying those words as a new member of an undoubtedly unholy but powerful group devoted to pushing the candidates on national security issues through the 2016 elections. As the race moves from the primal scream phase to the pocketbook phase, cybersecurity is likely to play a bigger role than ever before, even if some of the pocketbooks are those of the cybersecurity industrial complex.
State regulation is ramping up as well, for example, with Connecticut promulgating uniquely stringent security and incident response requirements for health insurers and state agency contractors and, as of October 1st, becoming the first state to require identity protection services in response to a breach. The language, for fellow breach coaches, is “offer…appropriate identity theft prevention services and, if applicable, identity theft mitigation services.”
As I have put you through paroxysms to plead, however, national cyber-strategy must not limit itself to present protection and pocketbooks; it must focus also on the education of children. That is why the most hopeful sign of cyber-seriousness in the past week may be this one from New York City. For this week, however, let’s focus on what can be done in the short term between the two great cyber-powers.