As part of an initiative here @Vormetric to better connect IT Security back to people's ordinary lives, we recently conducted a nationwide poll asking what people feel needs to be done if a foreign power is found to be behind hacks against U.S. Government agencies. It wasn't a complicated survey, as we were polling people from all walks of life, not just those concerned about technology, or even in our particular patch - IT security.
The reason we've started this initiative is that, with the frequency and seriousness of data breaches, criminal cyber attacks, hacktivist activities and the doings of nation states, the effects are starting to make their way from a business (or government) problem into the realm of the personal.
People's lives are being affected by these attacks. The poster child for this is the recent OPM breach, which the FBI has publicly stated originated with China. Fingerprints of over a million people were lost, along with the private information of just about anyone who has had a security clearance or applied for one in the last 15 years or more. 21.5 million people. Even Congress is recognizing how serious this is and working on amelioration for victims.
So, as a start we asked people what they thought the U.S. should do about a hack of that type. Find the full question and answer set at the bottom of the blog.
What we found was that Americans today lean towards diplomatic responses:
- Initiating talks between the U.S. president and the country’s leaders to stop future data breaches (45 percent)
- Imposing trade sanctions on the country’s goods (36 percent)
- Imposing diplomatic sanctions on the country’s government officials who are located in the U.S.
But a substantial percentage favored stronger measures:
- Cut off all ties with the country (25 percent)
- Hack the country’s government infrastructure to obtain similar data (10 percent)
With ninety-two percent in favor of taking action, and a substantial percentage favoring active measures – such as the one in four that want to cut off diplomatic ties, and the ten percent in favor of ‘hacking back’ – sentiments are clearly running hot on this issue.
But the top findings also show that people are still sensibly unwilling to get into an escalation with a foreign power. Hopefully (even if we don't hear about it) our government will be proactively working behind the scenes on the problem.
It's also true that many people lack a good understanding of cyberattacks. They may well view cyberattacks within the context of how many identity theft notices they've received more than anything else, and may lack an appreciation at that next level beyond the headline news. But I think we're nearing a tipping point where that awareness will broaden, and that point will be passed as people become aware of how many within their immediate circle have been affected. I know at least two of my "family and friends" who've had to deal with identity theft, and that's just of those that have volunteered information. I have to wonder about something for myself as well - last year I couldn't file my state return electronically because "another return has already been filed". Thinking on that, I've received quite a number of notices in the last three years that my data was compromised. Did someone use my compromised social security number and address to fraudulently file a tax return? Have you or your family been similarly affected?
To bring us back to our original topic: spying is nothing new, and isn't going away. Underway right now as a starting point for government agencies (as a result of the OPM breach) is the Cybersecurity Sprint - designed to get the initiatives underway that can help government and commercial entities become safer from these kinds of attacks.
We have a long way to go.
Details of the question that we asked, for your reference:
If a foreign country were responsible for the breach of American government data, which of the following actions, if any, would be appropriate for the U.S. to take? Please select all that apply.
- Hack the country’s government infrastructure to obtain similar data
- Impose diplomatic sanctions on the country’s government officials who were located in the U.S.
- Impose trade sanctions on the country’s goods
- Initiate talks between the U.S. president and the country’s leaders to stop future data breaches
- Cut off all ties with the country
- No action should be taken
The Vormetric Survey was conducted by Wakefield Research among 1,026 nationally representative U.S. adults ages 18+ between July 10th and July 16th, 2015, using an email invitation and an online survey. Quotas have been set to ensure reliable and accurate representation of the U.S. adult population ages 18+. Results of any sample are subject to sampling variation. The magnitude of the variation is measurable and is affected by the number of interviews and the level of the percentages expressing the results. For the interviews conducted in this particular study, the chances are 95 in 100 that a survey result does not vary, plus or minus, by more than 3.1 percentage points from the result that would be obtained if interviews had been conducted with all persons in the universe represented by the sample.