The Government Shouldn't Be Lecturing Private Sector On Cybersecurity

It is time that business leaders begin publicly rejecting the notion that the U.S. government should be leading the private sector on good cybersecurity practices. Or to put it in more crass terms, companies need to cast a suspicious eye on cybersecurity legislation and flatly reject any attempt to impose government regulation on private sector cybersecurity programs. Why? Because the U.S. government has some of the worst security programs and, based on what has been reported, the U.S. government has had the worst cybersecurity breaches on the planet. Three at the top of the list are: Bradley (now Chelsea) Manning's 2010 theft of around 750,000 classified and unclassified but sensitive military and diplomatic cables that were given to Wikileaks and disclosed. The documents embarrassed U.S. government officials and played a role in igniting the Arab Spring. Edward Snowden's 2013 theft of what appears to be the NSA's shared drive. Edward Snowden downloaded so many files that in May, 2014, Gen. Keith Alexander, former head of NSA and Cyber Command, admitted in an interview that the government really doesn't know how many documents he obtained, but they know it was more than a million. The 2015 breach of the Office of Personnel Management's (OPM) files on government employees and security clearance background files. History of Government Cyber Incidents