By Ivan K. Fong & David G. Delaney | 62 Am. U. L. Rev. 1131 (2013)
It is no exaggeration to state that our nation faces significant and increasing cyberthreats from a range of individual, organized, and state actors. Recent headlines remind us, for example, that malicious actors can easily render tens of thousands of computers inoperable, as was done to Saudi Aramco in August of this year; that distributed denial of service attacks can significantly degrade web services, as was done to several major U.S. banks last month; and that hackers can penetrate the networks of companies operating natural-gas pipelines.
The statistics on cybercrime, data breaches, and loss of personal information are sobering. This year the global cost of cybercrime has been estimated at $110 billion. Between ninety-five and ninety-eight percent of records lost through data breaches contain personal information—that is, data such as names, addresses, e-mails, or social security numbers. In fiscal year 2011, the Secret Service prevented $1.6 billion in potential losses through its cybercrime investigations. And just last year, the United States Computer Emergency Readiness Team, which is DHS’s 24-hour cyber-watch and warning center, responded to more than 106,000 incident reports and released more than 5000 actionable cybersecurity alerts and information products to our public and private sector partners. In short, the threats to our cybersecurity are real, they are serious, and they are urgent.
The good news is that over the past four years DHS has taken significant steps to vastly improve the security of federal government information
systems, enhance cybersecurity for the private sector and non-federal government entities, and promote cybersecurity nationwide, while at the same time recognizing the unique privacy concerns that exist within the cyber sphere. DHS continues to seek improvements in the ways that
government is postured to address these issues, most notably through this Administration’s cybersecurity legislative proposal. Although that effort failed in the Senate last August, the federal government will continue to identify the ways that the nation—through its laws, values, and
institutions—can improve our cyber awareness, readiness, and capabilities.
Indeed, today’s symposium occurs at a particularly fitting time, for this is the final week of National Cyber Security Awareness Month, the overarching theme of which this year is “Achieving Cybersecurity
Together.” The focus for this week is “Digital Literacy and Education,” a perfect topic to bring to this audience. In keeping with these themes, what follows are several steps that can be taken in the coming months and years to adequately prepare for what lies ahead in this vital and dynamic field.