President Obama recognized when he took office in 2009 that ‘cyber threat is one of the most serious economic and national security challenges we face as a nation’.
This remains true five years later: cyber security breaches continue to occur, data continues to be lost, consumer confidence continues to fall, and the losses to American business in terms of financial and reputational damage are incalculable. According to recent research, the average cost of information security failures to US companies last year was $3.5 million, up 15% on the previous year. With so many organizations failing to report their losses, this can only be a ballpark figure. The reality could be far worse.
The President has continued to support improved cyber security measures. In 2012 the Cybersecurity Act 2012 was proposed, a Bill urging the creation of voluntary best-practice standards for the protection of key national infrastructure from cyber attacks. Despite receiving the backing of several military chiefs, the Bill was defeated by the Republicans.
In 2013 the President proposed the Executive Order: Improving Critical Infrastructure Cybersecurity, which seeks to increase the speed and flow of information between the public and private sectors in order to better tackle cybersecurity. The Bill has yet to be addressed by Congress.
Until there is a single federal law to address information security in the United States, citizens must rely on a patchwork of often contradictory regulations, state laws, industry-specific federal laws and international recommendations.