Cyber attacks are a danger we face on a grand scale, not just as individuals, but as a country.
The past few years, America has been quietly (and not-so quietly) hit by one wave after another of devastating hacks. Last week, as this blog discussed, the government gave a long-overdue response to the matter of cyber-security. During his State of the Union address, President Obama announced that he had signed an executive order taking action against digital security breaches.
The President went on to identify key areas of our infrastructure that might come under attack, saying, "our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems."
If it still sounds far-fetched, consider that just this past year has seen an astounding number of attacks on oil, natural gas and electricity structures in the U.S. Hackers raided these systems for information, and the number of strikes was up more than 50 percent higher than what it was in 2011, according to the Department of Homeland Security (DHS).
Having spent the last eight years speaking around the world on how mission critical information is exposed through technology and human carelessness, I've learned one disturbing rule of thumb: In the world of prevention, change only happens in the wake of disaster.
We are so desperately in love with the convenience of the internet and addictive connectivity that we don't even consider the risks until we have been struck across the face by them. We don't watch our cholesterol until after the first heart attack. We don't allow a substantive conversation on gun control until after Sandy Hook (and Columbine and Aurora and Virginia Tech and dozens of others). And we won't take the threat of cyber terrorism, extortion, warfare or even personal online privacy seriously until an equivalent disaster wakes us from our dreamy affair with our iPad.
You may be wondering, "Why hasn't something been done about this already?" Well, ask Senator John McCain. There were efforts made last year to pass legislation that would allow the DHS to put security standards into effect, but in November, McCain and other Senate Republicans defeated the bill. This undoubtedly was part of the reason the President took it upon himself to spotlight this issue.
Again, businesses won't see that this type of protection is actually in their long-term interests until after they have lost billions of dollars due to a data security breach. I bet the Wall Street Journal and New York Times understand those costs now much better than they did a month ago. But are they acting on that change in cyber-view?
We are like teenagers who refuse to wear seat belts because "if we crash, we'll die anyway." We use the excuse that our best efforts won't be enough to justify doing nothing. To be realistic, here's how legislative change will have to happen:
1. The U.S. will experience the digital equivalent of a terrorist catastrophe (imagine hackers shutting down air traffic control over NYC for a day).
2. Powerful non-technical influencers (movie stars, billionaires, unsullied politicians, beloved media figures) will take up the cause and demand change (imagine Justin Bieber organizing a Cyber Awareness Concert after his Facebook Profile is taken over – I'm not really kidding here)
3. Technical cyber professionals and privacy experts will already have a 10-point implementation plan designed and ready to implement to take advantage of America's 140–character attention span and
4. Popular opinion will pressure Congress and the President to take concrete steps to begin protecting our vital infrastructure.
A devastating cyber attack will occur, but will the post-event campaign be ready on the day after? America is looking for a clear, resonant voice who can make that happen.
John Sileo is a data security expert and keynote speaker on social media privacy, identity theft and fraud. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent work on 60 Minutes, Anderson Cooper and Fox Business.