Science and Tech

Actions

Money Hasn't Solved All Of Our Cybersecurity Problems

Despite billion-dollar IT security budgets, the U.S. has suffered more and larger data breaches in recent months.
Posted

In the past year, we've seen a significant upswing in cyberattacks: both in breaches across U.S. industry and government, and in the money spent to fight them.

Attackers have siphoned vast amounts of data from the likes of Home Depot, JP Morgan Chase, Sony and Anthem.

They hit government targets: the White House’s internal networks, the State Department and the Pentagon earlier this year.

The recent breach at the Office of Personnel Management has gone down as one of the worst known breaches of government databases ever.

It's hard to quantify the monetary damage any of these breaches did or could do, but the government does publish what it spends to help counter them.

It allocated $10.3 billion in 2014 to harden federal networks against attack, and the Obama administration proposed $13 billion to do the same in 2015. Last year, the private sector spent some $4.1 billion on IT security. One problem: It's not clear that money is doing a whole lot to help.

"Even though [J.P. Morgan's] Jamie Dimon wrote in his shareholder letter that came out earlier this year that the bank would be spending $250 million through 2014 and hiring more people on cybersecurity, they were still vulnerable to an attack," said The Wall Street Journal's Emily Glazer.

As lawyer Alan Charles Raul writes in the Wall Street Journal: "The big banks, big retailers and big media companies whose hacks make the front pages are not being penetrated because they've skimped on security out of sloth, stupidity or greed."

And there's evidence those massive government budgets still aren't enough to patch all the gaps.

"It only took one government agency that had not taken the simple step of updating its server software to open the door to an unprecedented and alarming cyberattack believed to be by the government of China," said an expert who advises the government. (Video via CNN)

"Part of the problem is we've got very old systems," President Obama said in a speech after the Office of Personnel Management breach. (Video via CNN)

What's worse, the Office of Personnel Management's inspector general warns such breaches are likely to become more frequent. So what do you do?

Legislate it?

"Tonight I urge this congress to finally pass the legislation we need to better meet the threat of evolving cyberattacks. If we don't act, we leave our nation and our economy vulnerable," President Obama said at the 2015 State of the Union. (Video via C-SPAN)

Or force stricter adherence to existing guidelines? Following the OPM breach, the White House ordered federal agencies to tighten up security.

Or maybe it just needs more money. The president's proposed 2016 budget would allocate $14 billion to government cybersecurity: more than it had to work with in 2014 or 2015.

This video includes images from Getty Images, The U.S. Navy, James Keunig / CC BY 3.0 and Stanislav Levin / CC BY 3.0 US. Music by Marcus D. / CC BY NC SA 3.0.