Almost 20 years ago, Chris Wysopal was among a group of hackers who testified before Congress, warning about the dangers of the internet.
Almost 20 years ago, Chris Wysopal was among a group of hackers who testified before Congress, warning of the dangers of the internet.
Unfortunately, the U. S. government is still struggling to act, Wysopal said. “You’re just going to keep ending up with the status quo,” he said, pointing to the U. S. government’s failure to regulate the tech industry or provide incentives for change.
It’s a feeling that was shared by the experts who attended this week’s RSA cybersecurity show in San Francisco. The U. S. government needs to do more on cybersecurity, but what?
Perhaps, the need for U. S. action hasn’t been more urgent. In last year’s election, Russia was accused of hacking U. S. political groups and figures in an effort to influence the outcome.
In addition, major internet companies, including Yahoo, have reported huge data breaches, one of which exposed details to a billion user accounts.
The list of problems goes on and on. However, what the U. S. government’s role should be in cybersecurity isn’t as clear-cut as one might think. That’s because most of the IT infrastructure is in the hands of the private sector, which is constantly churning out new — and sometimes vulnerable — tech products. But the private sector is not a big fan of regulation.
“Every year, people talk about improved collaboration between the public and private sectors,” said RSA CTO Zulfikar Ramzan. “And of course, every year, it feels like we haven’t made that much progress. ”
RSA CTO Zulfikar Ramzan speaks at RSA 2017.
He predicts the state of cybersecurity will get worse before it gets better. One relatively simple hack involving a phishing email can affect an entire U. S. election, like it did, last year.
Ramzan recommends that the U. S. fully outline the public and private sectors’ roles in cybersecurity, as opposed to leaving this muddled.
