You might find this op-ed by Angus King and Mike Gallegher at the Wall Street Journal on the actions being taken by Congress to deal with cybersecurity interesting. That should be a free link—not paywalled. I won’t bother synopsizing it.
I think that Congress should be using a “carrots and sticks” approach to cybersecurity, e.g. incentives for cooperation and penalties for security failures, but I’m skeptical about the federal government’s ability to do much about cybersecurity. IMO it’s a form of asymmetrical warfare and the organization and predispositions of the federal government are pretty much the opposite of what’s needed. The digital equivalent of “special forces” is needed and IMO that can more easily be provided by the private sector than by government.
AFAICT Russia and China are keeping the hackers at arms length, enough to have plausible deniability that there is no direct govt involvement. We could do the same and make it a point to not pursue or prosecute hackers going after China and Russia targets. That still wont help us catch their hackers.
Steve
Query- Why arent US hackers going after targets in China and Russia? It is a financial model that works. I seriously doubt that the US would put much effort into investigation/prosecution.
Steve
The US does not sponsor hackers, we prosecute them.
Rouge regimes sponsor hackers, AKA Russia, CCP, Iran, Israel, PRK, axis of evil.