The attacks have hit multiple sectors with far-reaching implications. CNA Financial, a major commercial insurance firm, was recently hit by a massive ransomware attack, crippling its operations until a ransom was paid. In a separate incident, ransomware infected Colonial Pipeline, a fuel pipeline supplying a large portion of the eastern United States, leading to fuel shortages and economic disruption. In an additional instance, hackers attacked the Irish Department of Health, and the system has yet to be restored.
It has become apparent that in a day of cloud computing, artificial intelligence, mobile apps, and automated industry, the economy and society are tied directly into the cyber world across every sector. Consequently, cybersecurity has become more important than ever as criminal actors work harder and harder to exploit the vulnerabilities of a digitally connected world.
Cybersecurity advancements are ultimately a question of who can innovate faster—the good actors versus the bad actors. On the one hand, bad actors exploit security vulnerabilities by using innovative methods to compromise security. On the other hand, cybersecurity developers have the task of trying to stay one step ahead of the cybercriminals. These innovations require aggressive and dynamic steps to beat the hackers at their own game.
However, cybercriminals have an advantage over their cybersecurity counterparts that can often be overlooked. When they run their criminal operations, it is needless to say that they do not generally subject themselves to government policies that might burden legitimate businesses, such as paying high taxes and complying with business regulations. This gives cybercriminals an advantage.
Much of this discussion is similar to the problems with restricting law-abiding citizens from gun ownership. If the law-abiding citizens are restricted from what guns they can defend themselves with, criminals will naturally just violate those same gun laws in order to arm themselves for criminal acts.
In the same way, it is important to note that many of these cybercriminals are members of sophisticated criminal organizations that freely leverage their illegal operating practices to get an edge over their cybersecurity counterparts. While cybersecurity firms are dealing with burdensome policy hurdles such as high taxes, long regulatory approvals, and red tape, cybercriminals can operate with reckless abandon as long they are able to evade law enforcement.
In the wake of cybersecurity compromises, it is easy for government policy to try to intervene and quickly provide short-term proposals for long-term problems by demanding that companies meet certain cybersecurity standards.
Nevertheless, it is unlikely that such standards will likely be able to solve the problem fully. Regulations cannot provide a lasting solution to the dynamic world of cybersecurity. Even those companies that may be fully “government compliant” can still be vastly compromised on the cybersecurity level if they are just trying to meet minimum government standards.
While there have been many calls for expanded government involvement in cybersecurity, the vast nature of the problem gives the government a very low chance of being able to fill the gap on its own.
From a public policy perspective, it is vital to look at the bigger picture. State and national policies should be implemented to encourage innovation itself through regulatory reforms like regulatory sandboxes.
From the business policy angle, policies should be enacted that make it easier for start-ups to launch than before -including start-up cybersecurity firms. This not only lowers the policy burdens placed on cybersecurity firms and expands the amount of economic growth. It catalyzes the variation that is essential to maintain a cybersecurity ecosystem that can quickly evolve and respond to emerging threats.
New companies bring new innovations and ideas to the table. This adds to the arsenal of available security tools.
Implementing policies that promote a business-friendly environment has true potential for greater growth and advancement that carries promises of a more secure cyber-ecosystem. While regulations, tax burdens, and other barriers to tech start-ups may have been overlooked as an issue that affects the United States' ability to have strong cybersecurity, the top-down effects can be felt across every sector.
When market forces are permitted to work freely, the free society will continually develop stronger means to protect itself. This is no less true in the cybersecurity sector. An unhindered free market has the real capability to bring even more strength into the cybersecurity sector and lead the fight to out-innovate malicious cybercriminals.