"We shouldn't wait until there is a 9/11 in the cyber world," Napolitano told Reuters news service, referring to the massive terrorist attacks against the U.S. on September 11, 2001. "There are things we can and should be doing right now that, if not prevent, would mitigate the extent of damage."
Chris Petersen, chief technology officer of LogRhythm, a log management and SIEM 2.0 provider, said in reaction to Napolitano's comments that it's unfortunate President Obama needs to consider signing an executive order on cyber security.
"Ideally, Congress would recognize and act on the threat we face as a nation when it comes to defending ourselves against cyber war and cyber terrorism. These threats are real and will only increase in the years to come -- drastically and swiftly," Petersen said. "If signing an executive order does nothing other than help move cyber security spending up the stack of 2013 IT budgets, it will be a win for us all."
As Petersen sees it, there are real and valid concerns when it comes to cyber security legislation, a main concern being additional compliance burdens on U.S. companies. While concerns are understandable, he said, the reality is that without a measuring stick, companies won't know if they have gone far enough in protecting themselves. Without enforcement, some companies will just kick the can down the road and hope for the best.
"We appreciate that there are valid concerns and criticisms that will be disclosed through discussion. However, there is real risk in delaying action as we wait years for all opinions and concerns to...