In recent years cyber attacks on businesses and individuals have become increasingly severe and widespread. Data breaches at major banks and retailers have concerned cyber security experts and lawmakers alike. While attacks on national and international entities make the biggest news, state and local attacks tend to be overlooked.
On Oct. 20, New Jersey Assemblyman Jon Bramnick (R-Westfield) hosted a summit at Kean University with an emphasis on cyber security at the local level. Bramnick wanted to have a conversation about cyber security that could be more easily understood by laymen.
“I’ve been to too many panels, too many seminars and legal education seminars where I was bored. So we’re going to make sure that we get answers that are crisp, short, clear, or we’re going to move on,” Bramnick said.
At the summit, Bramnick asked why there has been a rash of cyberattacks on private businesses recently. “Cyberspace has really low barriers to entry … Actors can obfuscate their operations on a day-to-day basis … It’s so easy to get in the game,” answered David Weinstein, cyber-security adviser for the New Jersey Office of Homeland Security & Preparedness.
While recent data breaches at JP Morgan, Target and Home Depot attracted headlines for many weeks, what tends to go underreported are the breaches that occur locally.
“This is why, on the state level, we were increasing our focus on education, awareness, promoting best practices and also technical skills,” Weinstein said.
If large corporations like JP Morgan and Target are vulnerable to cyberattacks, Bramnick asked, how can smaller companies and individuals protect themselves? Also, how can small businesses reduce the risk of a data breach? “It would seem to me that, if JP Morgan isn’t protected, we’re all in trouble.”
The best way to mitigate further attacks would be to increase the communications flow among international, federal, state and local authorities, and with businesses, about threats and safety measures, Weinstein said. Right now, communications in this domain are impaired, a situation that he referred to as “trouble connecting the dots.”
Different public and private entities have trouble sharing information about pending threats, which can originate from anywhere around the globe. Government entities may have a hard time alerting vulnerable businesses about attacks that are imminent, and businesses may have a hard time alerting the government about attacks that have occurred.
Reflecting his concerns as a legislator, Bramnick noted that, while information sharing is a worthwhile way to ensure greater cyber security, private businesses may be obligated to reveal information that’s confidential, and that could be subject to disclosure if provided to the government.
The assemblyman hinted during the panel discussion that he might consider introducing legislation mandating that companies hand over information about cyberattacks they have experienced.
“We need to have a mature conversation about how we can manage the private sector’s risks when it comes to sharing information …Tell us what your concerns are with sharing confidential information …That conversation is playing out on the federal level,” Weinstein said.