<div dir="ltr">
<div class="">
<div class="">
<a href="http://www.nytimes.com/"><img src="http://graphics8.nytimes.com/images/misc/nytlogo153x23.gif" alt="The New York Times" align="left" border="0" hspace="0" vspace="0"></a>
</div>
<div class="">
</div>
</div>
<br clear="all"><hr align="left" size="1">
<div class="">February 26, 2013</div>
<h1>An Eerie Silence on Cybersecurity</h1>
<div id="articleBody">
<p>
Apart from a few companies like Google, which revealed that Chinese
hackers had tried to read its users’ e-mail messages, American companies
have been <a href="http://www.nytimes.com/2013/02/21/technology/hacking-victims-edge-into-light.html?hp&pagewanted=all&_r=0">disturbingly silent</a>
about cyberattacks on their computer systems — apparently in fear that
this disclosure will unnerve customers and shareholders and invite
lawsuits and unwanted scrutiny from the government. </p>
<p>
In some cases, such silence might violate the legal obligations of
publicly traded companies to share material information about their
businesses. Most companies would tell investors if an important factory
burned to the ground or thieves made off with hundreds of millions of
dollars in cash. So why do they feel that the theft of trade secrets
that are often much more valuable do not deserve to be discussed?
Companies might argue that it’s hard to quantify the losses from
cyberattacks, but that does not mean that they are costless. </p>
<p>
By keeping quiet, companies also make it more difficult for other
businesses and the government to protect against similar attacks. Recent
evidence suggests that cyberassaults against corporate and government
systems are becoming more frequent and more sophisticated. Bringing
these assaults into the open can make everybody more secure. President
Obama’s <a href="http://www.whitehouse.gov/the-press-office/2013/02/12/executive-order-improving-critical-infrastructure-cybersecurity">recent executive order</a> encouraging voluntary sharing of information is a welcome step in that direction. </p>
<p>
This not about shaming companies. It is about protecting these companies as well as individuals against security breaches. A <a href="http://onlinelibrary.wiley.com/doi/10.1002/pam.20567/abstract?systemMessage=Wiley+Online+Library+will+be+disrupted+on+23+February+from+10%3A00-12%3A00+BST+%2805%3A00-07%3A00+EDT%29+for+essential+maintenance&userIsAuthenticated=false&deniedAccessCustomisedMessage=">recent study</a>
showed that state laws that require companies to inform individuals
about security breaches on personal information like credit card numbers
have resulted in a modest drop in identity theft in those states. That
suggests that timely disclosures give individuals the opportunity to
take action to protect themselves and encourage corporate executives to
increase efforts to protect their systems. </p>
<p>
In 2011, the Securities and Exchange Commission issued <a href="http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm">nonbinding guidelines</a>
informing companies about their responsibilities under existing laws to
report cyberattacks; the commission has also sent letters suggesting
that companies reveal more information about the threats they encounter.
If confirmed by Congress, Mary Jo White, Mr. Obama’s choice to lead the
agency, could strengthen the commission’s efforts by making the
guidelines binding. Big investors like pension funds should also demand
more data from companies because as shareholders they lose when secrets
are stolen. </p>
<p>
As more companies reveal breaches, the stigma of doing so fades. <a href="http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html">Recent reports in The Times that hackers in China attacked its computer systems</a>
appeared to encourage other newspapers to admit that they had been
attacked, too. Executives should understand that openly discussing
threats helps everyone become more alert to risks, which would be in
their own long-term interest. </p>
<div class="">
</div>
</div>
<br clear="all"><br>-- <br>Art Deco (Wayne A. Fox)<br><a href="mailto:art.deco.studios@gmail.com" target="_blank">art.deco.studios@gmail.com</a><br><br><img src="http://users.moscow.com/waf/WP%20Fox%2001.jpg"><br>
</div>