Re “Critical industries at risk but no easy fix” (Business, June 7): In his comprehensive coverage of ransomware attacks against American companies and infrastructure, Hiawatha Bray reports that industry analysts suggest that “the United States must deploy a complex array of legal, technical, and even diplomatic tools to crack down on the ransomware gangs.” Similarly, a former deputy assistant US attorney general “calls for more aggressive prosecution of cyber criminals.”
These proposals suggest that we can address ransomware and other cyber threats through legal and financial means and implied “technical” countermeasures. More likely, this approach will lead to a never-ending cyber arms race.
Rather than playing only offense in dealing with cybercrime, the United States must strengthen its cyber defense. Yes, there will be a role for the Defense Department to play in providing cyber defense, but every government agency and commercial entity must also take responsibility.
Government regulation of commercial aviation safety suggests one model that could be effective in promoting broader adoption of industry-standard cyber protections. Fines for cyber negligence are another.
Without regulatory pressure and financial incentives to invest in good cybersecurity hygiene, corporations and public entities will fail to accept and effectively manage cyber risks, leaving our economy and lives in peril.