January 14, 2015

Cyber-curing what ails us will demand global remedies

Earlier this week (January 13, 2015), President Obama unveiled a slew of proposed cybersecurity-related initiatives, ranging from updated cyber-information sharing legislation to empowering and re-tooling law enforcement to battle cyber-crime; from new data breach reporting requirements to a February 2015 White House Summit on protecting consumers online.

These are all laudable initiatives, indeed, necessary initiatives (although, in light of countless Snowden-unveiled tidbits over the last couple of years, I have my worries about overly-broadly better-empowering law enforcement which, in cahoots with U.S. intelligence agencies, seems to have demonstrated a frighteningly consistent pattern of abuse of such power).

But, to some extent, these proposed initiatives all miss the broader and more critical point: Cyberspace is global, borderless. And, so too, is cyber-malice. Thus, until and unless the Administration devotes similar – indeed, more forceful – attention to identifying and agreeing on globally applicable disciplines, domestic remedies such as those proposed may be challenged to succeed, at least in the grand cyber-scale of things.

Yes, the proposed information sharing legislation would enable the public and private sector to better exchange information about and better analyze, understand and effectively address cyber threats, as well as better safeguard Americans’ personal privacy through the institution of stricter requirements for private companies that collect or use personal data.

Yes, modernizing the legal ecosystem to allow for the prosecution of the sale of things like spyware used to stalk or commit ID theft, as well as the criminalization of the overseas sale of stolen U.S. credit card and bank account numbers, and the granting of authority to courts to shut down botnets engaged in DDoS attacks and other criminal activity, are all good and necessary things.

Yes, simplifying and standardizing existing State laws that require businesses to notify consumers of data breaches and corralling them into one Federal statute should indeed serve to both better incent businesses to upgrade their cybersecurity and, thus, better stem the tide of identity theft, financial compromise, etc. 

And, yes, the proposed February 13 “White House Summit on Cybersecurity and Consumer Protection” at Stanford – which will include Administration leaders, CEOs from a range of industries, law enforcement representatives, consumer advocates and technical experts – cannot help but contribute constructively to better educating and protecting American consumers and companies.

These initiatives all seem to acknowledge the need to restore consumer and corporate trust in the networks that power our digital lives and livelihoods, as well as the integrity of the data that funnels through or resides in such networks.  This is a good thing (notwithstanding that the initiatives seem to utterly ignore widespread concerns related to U.S. Government domestic surveillance, espionage, etc.).

While a “fortress America” approach to cybersecurity might be a welcome panacea for the masses, it is insufficient to deal with more global and potentially more devastating cyber-threats, whether Government-spawned malware like Stuxnet, massive-scale DDoS attacks, the theft of billions in intellectual property, or, the big fear, the disruption or destruction of critical infrastructure.

Pre-Snowden, the Administration was quite bullish on setting and enforcing global cyber norms and standards. As Snowden’s revelations have wreaked havoc on America’s cyber credibility, the U.S. seems to have hunkered down, shying away from the lead on global solutions, and, by virtue of that seeming withdrawal, to some extent actually perpetuating global insecurities and vulnerabilities.

This week’s White House announcements were heartening, and, hopefully, will lead to an improved State of the cyber-Union, as well as some level of restored confidence in the integrity of networks and data.  However, these initiatives are but domestic pieces of a much bigger global puzzle, the completion of which should remain of the highest priority to U.S. authorities if the domestic initiatives are to be truly meaningful in the long-term.
