In a crisis, is government intervention in private enterprise networks/systems necessary?

Think back to the Office of Personnel Management (OPM) breach of 2015. The US government’s cybersecurity budget in 2015 was $37 million dollars. In 2017 the presidential records show that it was $19 billion dollars. It would be a farce for the government to tell critical infrastructure how to do cybersecurity when their largest data trove is probably less protected than data stored by any one of the companies targeted by the FBI action. Cybersecurity is the only security where the government says, "You're on your own. Hope you guys can hire some good people and buy some expensive tech." Companies don't typically have their own anti-aircraft guns on top of their buildings. We rely on the police. We rely on services.

Anonymous Author
Think back to the Office of Personnel Management (OPM) breach of 2015. The US government’s cybersecurity budget in 2015 was $37 million dollars. In 2017 the presidential records show that it was $19 billion dollars. It would be a farce for the government to tell critical infrastructure how to do cybersecurity when their largest data trove is probably less protected than data stored by any one of the companies targeted by the FBI action. Cybersecurity is the only security where the government says, "You're on your own. Hope you guys can hire some good people and buy some expensive tech." Companies don't typically have their own anti-aircraft guns on top of their buildings. We rely on the police. We rely on services.
0 upvotes
Anonymous Author
In the case of critical infrastructure there is a lot to discuss regarding how far the government should go to protect the country, even if private enterprises are involved. I think it's healthy to have these conversations. Capitalism and private enterprise are great, but at some point you have to figure out how to protect yourself. It would be healthy for the government to go further in some critical infrastructure areas to take ownership of protecting the country. Maybe they should move the guardrails before the crisis happens so that the government has more ownership and involvement in critical infrastructure specifically.
1 upvotes
Anonymous Author
The issues Zoom faced last year were at least problematic for some companies and definitely threatening for others, as data was being piped through data centers in certain countries. What would have happened if they hadn’t responded to the problem? You can walk away from that business, but what if their service is critical, especially in a pandemic? We have to define what makes a critical situation.
1 upvotes
Anonymous Author
It becomes really context based. I have never called the government and asked them for help with any incident that I have ever managed. I never informed them early in the process, excluding minor instances when I had knowledge that I knew would help them find and mitigate other issues. But in those cases the government still stayed on the other side of the system. I gave them snippets of information when and how I wanted to because I didn’t want them in the middle of my investigations.
0 upvotes