The Washington Post’s editorial board cites forthcoming Cyber Statecraft Initiative report Beyond Data Breaches: Global Interconnections of Cyber Risk:
We’re tempted to say this ought to be a wake-up call, but we have already had so many wake-up calls. To put it bluntly: As a country and as a society, we have come to depend on a vast, interconnected system; if one small part fails, the impact is widespread. As noted in a forthcoming Atlantic Council report, the Internet was created to be based on trust, not security. Finances, news and social media, medical systems, universities, science, transportation, energy flows, national defense and almost anything else you can think of depend on it. Yet we continue to discover that it is vulnerable to theft, intrusion and disruption on an appalling scale.
If a tiny piece of malware could steal millions of credit card numbers at Target, or if a bug could make vulnerable the encryption offered by OpenSSL, then what should we think about whether it is safe or wise to control the electric grid via the Internet? We are living in an age of growing danger but reacting with complacency. The administration unveiled a useful initiative on Thursday, promising that sharing cyberthreat information among companies would not bring on antitrust liability. But this, and President Obama’s other measures, including his voluntary cybersecurity framework, represent only what is doable given a continued lack of a consensus in Congress and a failure in the private sector to take all threats more seriously. They are timid measures in the face of an epic heartburn that will be costly for us all.