The U.S. spends a lot of money—Congressionally encumbered funds, but also unknown/untold amounts of money on its domestic, international and military-based espionage and intelligence activities.
You’d think the U.S. was getting a good deal. Yet its citizenry is being robbed blind—and frequently. A mysterious hacking group, APT6, has been noodling around inside our infrastructure for years undetected until recently.
This is to say: the greatest “superpower” on planet Earth has let the Office of Personnel Management (OPM), IRS and only heaven knows what infrastructure get cracked open like an egg. Your data, my data, yes, our information assets are in some cache resting in some dark data center somewhere—but not in the original spot where it belonged.
No one seems to be screaming. No one seems to realize that this is a 9/11 without the nearly 3,000 deaths from the World Trade Center disaster—just the same asset damage, if not more.
The amount of exfiltrated data is unknown. There isn’t a politician out there who wants to open this Pandora’s box of blithe stupidity, and so it’s swept under the rug—again.
Now the FBI is sending CyberAlerts, as if they actually know something about them. The American Bar Association’s CyberSecurty Legal Task Force will now distribute these alerts to its members who sign up for the information. This isn’t quite the blind leading the blind, but I’m reminded of that phrase.
Why isn’t a hard-charging politician taking the lead to shore up the cybersecurity infrastructure of our collective assets in the U.S.? Because it costs money and requires astute public policy.
We built the FCC when broadcasting and military and amateur communications clashed with each other.
We built the FAA when planes crashed and killed people.
We created the Federal Food, Drug and Cosmetics Act, which led to rigorous controls (now chronically underfunded) to keep people from being poisoned or administered by quacks.
In a corporate world, you get a CEO’s attention when you can fine them into a deep crater.
And so we need the fortitude and public will to inaugurate the Federal Data Commission. It would be funded by the hardware, software and systems vendors—no matter if they’re domestic or imported services—including those provisioned across international boundaries.
We first shore up critical infrastructure, wholesale, and with haste—including the IRS and the Federal Reserve Banks. Then we protect the major communications assets (especially transportation and food safety) and data storage assets. We apply similar metrics to every ISP, managed service provider (MSP) and content delivery network (CDN), paying special attention to the data assets of ordinary citizens.
And we do it comprehensively. We don’t screw around with closed-door meetings, second-string players and bribes/campaign contribution rubrics.
We just do it. And we take no prisoners, as this is our asset: communications infrastructure security.