NYT Buries the Ineffective CyberSecurity Lede
The NYT has a story today headlined,
Senate Rejects Measure to Strengthen Cybersecurity
The bills before Congress would not directly address the attack on the Office of Personnel Management systems, which resulted from a series of missteps that included the use of outdated detection technology, a failure to employ basic authentication techniques most Americans use for online banking, having not acted on previous security recommendations, and a lack of encryption on the data.
However, the attack bore a similar signature as those on two insurance companies and underscored the overall need for Congress to advance new policies, experts said.
“It is as clear as a bell to me that this is case and point in favor of information sharing,” said Paul Kurtz, who worked on the issue under in the Clinton, Bush and Obama administrations, and is the chief executive of TruStar, which aids companies in information sharing. “It is really terribly unfortunate that this measure failed because of the politics on Capitol Hill.”
It’s all very nice for the NYT to “report” this as a matter of Congressional dysfunction — as an example of stupid politics getting in the way of protecting the country. But even the evidence the story itself presents suggests a different story: the solution being pursued by Congress would not actually fix our most urgent cybersecurity problems. The real story is about Congressional dysfunction, but of a different kind.
Indeed, the lede and headline of the story should be something like,
Congress Responds to Devastating Hack by Pushing Bill that Wouldn’t Help
Had the NYT reported that story, it might have found far more experts, who would explain in more detail why there are a long list of things we should do before facilitating information sharing with expansive immunity and obscurity.
But somehow, it didn’t report that story, even though that’s what the evidence it presents supports.