Priorities

This editorial was originally published in The Virginian-Pilot on 12/18/2018

MEMBERS OF Congress, other government leaders and the private sector should heed Virginia Sen. Mark Warner’s call for a major overhaul of the nation’s approach to cyber security.

The technology that pervades our lives on almost every level is dangerously vulnerable to hackers, and neither the government nor the private sector is making much progress toward protecting sensitive and private information.

Cyber security seems to be like the old saying about the weather — everybody talks about it, but nobody does anything about it.

In recent years, we’ve seen a rash of data breaches resulting in identity theft and fraudulent charges on credit cards. In 2013, a data breach at Target stores exposed 41 million customer payment cards. More recently, data breaches have exposed the personal data of millions of customers of the Marriott hotel chain and millions of people whose information was on file with Equifax, the giant credit-reporting company. The list of breaches goes on, with many smaller-scale security lapses causing problems for people but not making headlines.

Then there are the hacking attacks on social media, which range from mildly annoying to downright sinister, such as the Russian efforts to spread false information during our 2016 presidential campaign.

Even more alarming are the threats to national security, including the potential for cyber attacks on critical defense systems. The United States’ heavy use of technology and the Internet means it has highly sophisticated tools, but it also means it is especially vulnerable to cyber attacks. As home to some of the nation’s most important military installations, Hampton Roads and other areas of Virginia have a special interest in beefing up security.

Warner has good reason to be concerned, not only because he represents Virginia, but also as the ranking Democrat on the Senate Intelligence Committee. With U.S. Sen. Richard Burr of North Carolina, the committee chairman, he’s leading the Senate’s investigation into Russia’s meddling in the 2016 election.

In a recent speech, Warner pointed out that despite lots of committee meetings and other talk, the government has failed to come up with a strong, workable plan to defend the country against cyber attacks and efforts to spread disinformation.

Among other measures, he called for more investment in cyber security at the Pentagon. He also criticized the Trump administration for cuts to cyber offices at the White House and the State Department.

Departing from the conventional governmental wisdom, Warner called for outlining predetermined responses to cyber attacks mounted by other nations, such as sanctions and even military action in extreme cases.

There will be differences of opinion and room for debate, but Warner reminds us that every day without action is another day at risk.

Meanwhile, a new report in the House of Representatives suggests interest in cyber security there as well, even as it makes clear some of the major obstacles.

The investigations panel of the House Energy and Commerce Committee, which tackled the problem after the data breach at Target five years ago, issued a report with suggestions for the Democratic majority that will take over next year. The fact that the committee has been working since 2013 with few results speaks volumes.

The report warns that making changes will be difficult because so much of the Internet is owned by the private sector, but any successful approach must include government leadership. So far, government and industry have shied away from regulations that would require better cyber security in private business.

The report suggests some strategies, such as creating incentives to encourage consumers to abandon aged, insecure technology more quickly. That’s a real problem when expensive devices are rapidly outdated.

The House committee talked about coming up with a “holistic” approach to cyber security.

It should be clear to everyone that we’re all in this together — private citizens, tech companies, social media, government, the military. We’re all vulnerable to annoying hackers and more sinister cyber attacks, and we all need better defenses.

It makes sense that government should play a leading role in developing that strong defense. It’s time to move beyond endless talking and do something about cyber security.