Lynn’s proposals are provocative. But the strategy could be costly and perhaps cumbersome, and it involves threats that aren’t well understood by the public — even by many of the companies that could be targets of attacks. So the first order of business should be more public information: Everyone needs to understand the risks of attack, and the costs and benefits of mobilizing against it.
In the debate about cyberstrategy, I hope officials will recognize the dangers of militarizing the global highway for commerce and communication. Of course we want to protect ourselves against threats. But as with human viruses, hostile computer bugs will evade our best efforts at quarantine. A new (and expensive) obsession with cybersecurity is not what this traumatized country needs.
The take-away from this summary seems to be that while the number of incidents has risen, the impact of those incidents in terms of losses has continued to decrease. What’s more, lack of security awareness by insiders remains a significant source of losses.