House Hearings Last Week
Representative Hudgins Announces Cyber Security Bill for 2015
Evidently Washington State’s IT platforms have little downside regarding cybersecurity issues. Department of Licensing (largest amount of citizen data) has major revisions underway, and our overall digital platforms must be safe because there was no mention of security, breach threats or offensive programs when the Washington State CIO testified before the House Appropriations sub-committee Thursday. If committee chair, Zack Hudgins, D-Seattle, had not took fifteen seconds to mention he is working on a cyber security bill for the 2015 session not a whisper of cybercrimes would have been heard in the room. Just the day before the House Education Committee heard about the growing conflicts of freedom of information requirements and the role of protecting student information. If the hearings were any indication, the private sector is the only place cybercrimes are a threat.
Private Sector
With a growing amount of information exchanged and stored online, this holiday season presents a new set of security risks. Industry experts predict the huge amounts of cash that typically flow this time of year will see a surge in cybercrimes for businesses, cities and larger government entities. One report by the computer security company McAfee, estimated that such crimes cost the global economy $500 billion annually in identity theft and fraud.
Recognizing the threat, industry experts and lawmakers across Washington state have taken a growing interest in its own cybersecurity.
To begin with, there’s no silver bullet—no magic single solution,” says Barbara Endicott-Popovsky, a professor with the University of Washington Tacoma and director of the Center for Information Assurance and Cybersecurity (CIAC). “We haven’t got our arms around the problem—it is dynamically growing and changing, a moving target. To solve it, we have to first identify and define it—this is true of solving any problem—you need to name it and understand it, but much of society does not even understand we have a serious cybersecurity problem.”
Part of that difficulty, says Endicott, lies in the wide range of cybercrimes committed. It is everything from a consumer’s compromised credit card to the stealing of intellectual property: “Part of it (the lack of society awareness) is, we don’t feel the immediate impacts and consequences. Banks cover the cost [of a fraudulent charge], but businesses can’t eat the [the cost] all the time. So this all comes out of the price of goods and we pay in the end—although may not be aware of how much. [Cyber crimes also] have involved trillions of dollars of intellectual property moved to China in what is essentially stealing.”
And that has left policymakers and legislators to build a defense on a little-understood new frontier. In Seattle, following surveillance technology controversies like the police department’s acquiring of two helicopter drones in 2012 and a national push for body cameras on officers, the city has formed a privacy initiative to begin to grapple with such big questions of how data is handled, used and destroyed. A nine-person committee will inform the inter-departmental team on a more defined set of privacy guidelines.
McKenna and Microsoft
In January, former Attorney General Rob McKenna and Tyson Storch of Microsoft will lead a seminar on Cybersecurity Law, addressing recent breaches, opportunities for public-private cooperation and the inherent tension between security and civil liberties.
Endicott points also to a regional alert system, known as PRISEM (not to be confused with the NSA’s clandestine anti-terrorism data surveillance system, PRISM, which was leaked to media outlets by Edward Snowden). The statewide cybersecurity project is funded the Department of Homeland Security and is setting the pace for the rest of the country as far as cyber defense goes, says Endicott. In real-time, the system processes event logs for six maritime ports, seven cities and counties, among a host of other partners. Many industry experts predict it will serve as a model for similar systems in other states. By sharing an early-warning threat in Seattle, PRISEM can predict and nip potential terrorist attacks and aid smaller cities and state agencies that typically don’t have the dollars to staff a full IT department. Experts call it a “community watch” for cyber crime.
Federal Level
At a federal level, CISPA, a cybersecurity bill now in the House would create a legal definition or safe harbor for the exchange of cybersecurity information between companies and government agencies wary of breaching privacy rights.
“It would be very helpful to see activity in terms of how companies exchange information [on cyber threats],” says Lars Harvey, CEO of the Tacoma-based company, IID.
While risk may never be completely eliminated, says Endicott, it can be managed and mitigated.
“There are a lot of great things happening,” Endicott said. “However, as we come up with fixes, you run the risk of poking the balloon in one place and [having it] pop somewhere else with unintended consequences. [Cybersecurity] really requires intelligent awareness about what we’ve done to ourselves with our dependence on information technology and an understanding of how information technology works before we begin making fixes that may result in more and different problems elsewhere.”
Your support matters.
Public service journalism is important today as ever. If you get something from our coverage, please consider making a donation to support our work. Thanks for reading our stuff.
