Government needs to rethink cybersecurity approach
Attend any speech by a current or former defense official these days, and you will likely hear a description of the grave threat posed by cyberattacks, particularly to the financial system.
Yet to date those speeches have failed to question the existing paradigm for cyber defense: critical civilian infrastructures defending themselves; regulators supervising that defense; and law enforcement and intelligence communities providing ad hoc assistance. If we are to defend financial services and other civilian infrastructure (power, telecom), that paradigm should be rethought.
Consider that if a major U.S. bank suffered an anthrax or missile attack, no one would ask its regulators to testify about the attack, and no one would expect them to write more regulations to prevent a recurrence. But if a major U.S. bank were to suffer a cyberattack, that is precisely what would happen — even though the most serious attacks now generally come from foreign actors, including nation states and foreign crime syndicates.