What could the Obama administration do to help your company with cybersecurity?

Ronald Reagan famously said, "The nine most terrifying words in the English language are, 'I'm from the government and I'm here to help.'"

The Obama administration is reportedly looking at the economic component of cybersecurity.

In a meeting on July 12, White House Cyber-Security Coordinator Howard Schmidt, Secretary of Commerce Gary Locke and Department of Homeland Security Secretary Janet Napolitano explored the economic side of online security.

The premise is simple. If the economics favor the attacker (and the ROI for a cyberattack can be enormous), what can the U.S. Government do to level the playing field?

Of course, the solution isn't nearly as simple. It's possible to run a botnet, for example, using a single cheap PC. But it's virtually impossible to defend against a determined DDoS attack without both a lot of effort and a lot of expense.

It appears the administration is looking at how to economically encourage companies to invest more in online defense.

But the obvious question is what does that mean? Does that mean tax incentives for buying or spending on cybersecurity? What sort of impact will that really have?

It is an interesting question. Many companies avoid investing much in cybersecurity because their management doesn't perceive the expense as contributing to the bottom line. As most readers here on ZDNet know, recovering from a cyberattack can be quite costly and it is important to have good defensive measures in place.

If the government implements tax incentives, is this a nod to commercial providers, and where does that leave open source projects?

So, dear readers, I have a small challenge for you. You guys are experts on the topic of IT operations. If the government were to provide help or incentives to defend against cyberattacks, what sort of help or incentives would actually be useful and improve security?

Go ahead and TalkBack below. This is an interesting and important topic, and so it merits considered responses. Let's make this a constructive discussion.

Topics: Government, Malware, Open Source, Security

About

David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

Talkback

45 comments
  • One word: NOTHING

    Your company, your responsibility. Tax payer money should not be used to fix incompetence and irresponsibility of the private industry.

    It is bad enough that the debt was QUADRUPLED to bail out incompetent CEOs and scammers (GM & banks), we now have IDIOTS asking the government to pay for the security of private networks.

    Want cyber-security?? Pay for it yourself. Or better yet, send somebody to training and learn how to do the work using open source tools.
    wackoae
    • RE: What could the Obama administration do to help your company with cybersecurity?

      @wackoae Tax incentives for companies who improve security of customer information MIGHT be in order if the government stays out of the business. Help in avoiding or recovering from a denial of service attack should be out of the question. If a company loses money because they have not protected themselves it is their own problem. If their customers (the tax payers) are compromised because of the company's lax security it is a problem for all of us. At the least a company should not only be required to "make good" any losses the customer suffers but to pay a fine for their careless disregard for the safety of the customers' information.
      wlwaugh@...
  • Stay away

    Anything the government touches it screws up.
    The government should stay the hell out of private business.
    NICKCO18
    • RE: What could the Obama administration do to help your company with cybersecurity?

      @NICKCO18
      You've got to be kidding, right? BP just blew out 100+ million gallons of oil all over the Gulf Coast. The idea that big business is a paradigm of intelligence or competence is an absurd proposition. That's been made abundantly clear. Their CEO is a fool who put his foot so deep into his mouth he's going to need stomach surgery. This is the head of a multi-hundred-billion dollar company? This is who we should turn over the keys to the kingdom to?

      The bribery that characterized oil-company interactions with the MMS is a gift from the previous administration. This one should have taken that agency apart limb-by-limb and put real regulators in there, not the lackeys and idiots who've been staffing so many of these agencies. Pardon me that would require 60 votes wouldn't it? That sort of "democracy" isn't happening these days. I forgot.

      The oil men who were running the show did the same thing for their "bidness" that the "smartest guys in the room", the stiffs at the Federal Reserve, did for Wall Street, pave the way for complete de-regulation - no guidelines, no oversight, and a bunch of hacks overseeing them, hacks who all had their roots in "business".

      The orgy of de-regulation didn't start with them. It's a remnant of the same administration that gave us Donald Regan. In his role as Treasury Secretary that "businessman" slid over from Wall Street for one reason alone: to get the ball rolling on complete de-regulation of financial "innovation". That's a Rube Goldberg contraption, filled with CDOs, default swaps, and other endless arcane computer-created chaos, none of which the suits had a handle on in the end. It simply overwhelmed the "smartest guys in the room".

      Just as oil de-regulation has wiped out families and jobs on the Gulf Coast, 8 million+ jobs have been blown out of the water by Wall street.

      There will be endless long term repercussions, economic, psychological, physical violence, drug abuse, you name it it's already emerging. Who do you think will pay for that? Goldman Sachs? BP? It's you and me, thanks to our collective unwillingness to bring the foolish, incompetent, unprofessional, bloated "big" businessmen to heel years ago.

      Get lost.
      Norm Cimon
  • How about...

    ...adopting policies of fiscal responsibility, repealing the massive government takeover of our health care, and lowering taxes? Most of us are more than aware of cybersecurity, but if we are driven out of business by the financial idiocracy that has dominated Washington for these last few decades it really won't matter what steps we take.

    Likewise, even if the new Cyber-Security Coordinator actually knows what he is doing (which I highly doubt), it won't amount to a hill of beans if the government spends itself into financial collapse. Forgive my pessimism, but this strikes me as arguing about what music the band should be playing while the Titanic slips to its watery grave.

    Besides, the last thing most of us want is for the government to have yet another excuse to meddle in our affairs. I am not a big fan of Ronald Reagan, but his message in your quote was spot on.
    itpro_z
  • There is always a balance

    As in IT, an increase in security can appear to result in a lowering of usability (not exactly but many see it as such).

    Likewise, the more government we have, regardless of where, it seems we have less freedom.

    Would anyone argue that if the government takes more money from you in taxes that you have less freedom?

    Would anyone argue that more regulation in any form may potentially take away some or much freedom?

    Of course we all must give a little, such as with our neighbors not being able to dump oil in their backyard, or leave pallets of dead car batteries next to a park.

    But we must be willing to accept less freedom for the added benefit of something...but is that something though and what do we give up?
    Webbywarehouse
  • Nothing

    1. The government does nothing for physical security in most industries; they should not get involved in "online" security either.
    2. Doesn't most real corporate damage come from insiders? How will improving external defenses help?
    aep528
  • RE: What could the Obama administration do to help your company with cybersecurity?

    The best thing they could do is stay completely away from it. Centralizing solutions also centralizes failures. Diversity is the best protection.
    hayneiii@...
  • WATCH OUT...MORE TAXES.

    I think it's always important to consider who would profit from legislation of any kind. If the govt is smart, it should let economies of scale take over, befriend the private sector, and let the experts do their thing. Bigger govt is bad for the American people. Real jobs are created in the private sector. So help the private sector grow.
    rubenthevp
  • RE: What could the Obama administration do to help your company with cybersecurity?

    They should order the InZerosystems security devices and as the volume goes up, the prices should fall, and then, soho and home-users can afford to buy them... The ONLY TOTAL security in the industry, absolutely! Certified!
    Paul@...
  • Soliciting votes

    Implement and enforce xxx domain zone for porn smutmeisters.

    Hang a few spammers to set an example (then a few more for good measure, then say, a dozen more just cuz).

    Ditto re organized netcrime rings (any found on cooperative shores). Budget for 100 ropes at the outset.

    Lay off (permanently) 50% of the federal work force, no ifs, ands or butts. Start the mandate with the Immigration Department (90% reduction). Provision to lay off 25% more feds within the following 3 years if the surviving gaggle refuse to pick up the slack and cover the resultant deficit.

    Give each law-abiding, non-alien American Joe a record breaking, mother-of-all TAX REBATE CHECK from the resultant savings!

    Declare DAY OF RELIEF national holiday to get drunk and celebrate your newfound good fortune.

    Hire me as Yankee Crime Czar and all-purpose Bad Boy to put the wheels in motion.
    klumper
    • wow...you should be in politics.

      @klumper

      you've got a future!
      SonofaSailor
      • One vote's a start

        @SonofaSailor

        But one nagging question remains: Am I PC enough for any Political Cretin future?

        Note that if I couldn't hang the miscreants by their scrawny necks, I'd settle for their thumbs (in the name of PC "compassion"). Keyboard c&c'ers no more!

        Everything on the feds stands though. You have my word. ;)

        Thanks for your patronage.
        klumper
    • RE: What could the Obama administration do to help your company with cybersecurity?

      @klumper
      Now, now, the word "hang" is definitely not PC. :)
      msdead
  • RE: What could the Obama administration do to help your company with cybersecurity?

    Start with physical security, secure our borders!
    JB Tucson
    • yeah because if they don't have local access...

      @JB Tucson

      they can't do much damage huh?
      SonofaSailor
  • US National Security depends on private sector security

    Some 85% of critical infrastructure in the US is owned and operated by the private sector. Pipelines, power stations, switchboards, medical supply chains...you name it. The US is highly dependent on the internet for normal operations but is astoundingly insecure to cyber attack. The nation depends on private firms but they are woefully unprepared to defend themselves from logic bombs and other nasty cyber weapons. The Chinese have already been caught planting kill switches at power companies. I resist government intrusion into business with the best of them but am not willing to put my family's safety in case of attack in the hands of some gutted IT security budget administrator looking out for his small part of the pie. These private firms must face up to their responsibility and do their part to protect the country. The US government must enable that with a clear plan, standards, and rigorous enforcement. Those advocating a "do nothing" approach do the US a vast disservice and advocate a path that imperils the security of its citizens.
    StartUpper
    • RE: What could the Obama administration do to help your company with cybersecurity?

      @StartUpper
      The problem is the "government" is the biggest slacker in security. When the "government" has employees replying to scams during work hours or using government property for their own personal use it looks like federal administration security should start with the federal administration. If the feds rely on commercial applications for security they should be backed by checks and severe financial fines for slack programming and we know by EULAs that won't happen.
      btw, remember, we are the government. We only allow what happens by choice.
      msdead
  • RE: What could the Obama administration do to help your company with cybersecurity?

    What could the Obama administration do to help your company with cybersecurity?!
    The Other way Around:
    What could Obama administration help our small Business help USA Gov to work Smarter and more secure with our partners as that is what our company is aimed for
    Sam
    ceo/cto Chana Systems
    Samuel C.
  • RE: What could the Obama administration do to help your company with cybersecurity?

    There are things the government can do, things that private industry either can't do or won't do to protect itself. If you find that your home has been burglarized, do you call private industry to report the crime or do you call the police? There are laws that can be used for fraud, theft and malicious activity. Private industry can help by working out security standards and practices, but it would take a government to make those standards enforceable.

    It would be nice if the sources of malware could be stopped but this is a stateless activity that crosses international borders. The government can work to find an international agreement to break up the bot nets and aggressively prosecute the script kiddies as well as the other cybercriminals.

    Government can act like the 800 pound gorilla and bring havoc into everyone's lives; but that same 800 pound gorilla can also help us in ways that private industry cannot. It is the gap between ideals and reality that makes cynicism of government actions rampant.
    sboverie