Cyber Insecurity

[Commentary] Much of the debate around cybersecurity, particularly in Congress, would lead you to believe that we face technical challenges that are nearly insurmountable, and that our best bet is to institute some form of better information sharing between the government and the private sector to come up with better guidelines for software vulnerability disclosure. These solutions, if crafted carefully, do have potential. They do not, however, address the real problem.

Despite the narrative, the crux of our current cyber problem is largely not technical at all, but instead comes down to organizational behavior. Bad security practices and poor investment in Office of Personnel Management’s IT security are largely culpable for that hack, and Sony was compromised via basic social engineering. The humans were the weaknesses in the system that the bad guys sought to exploit. These are the vulnerabilities that are in the most urgent need of patching.