In a crisis, is government intervention in private enterprise networks/systems necessary?

2.1k views1 Upvote5 Comments

Managing Partner & CISO in Software, 11 - 50 employees
Think back to the Office of Personnel Management (OPM) breach of 2015. The US government’s cybersecurity budget in 2015 was $37 million dollars. In 2017 the presidential records show that it was $19 billion dollars. It would be a farce for the government to tell critical infrastructure how to do cybersecurity when their largest data trove is probably less protected than data stored by any one of the companies targeted by the FBI action.

Cybersecurity is the only security where the government says, "You're on your own. Hope you guys can hire some good people and buy some expensive tech." Companies don't typically have their own anti-aircraft guns on top of their buildings. We rely on the police. We rely on services.
Member Board of Directors in Finance (non-banking), 201 - 500 employees
In the case of critical infrastructure there is a lot to discuss regarding how far the government should go to protect the country, even if private enterprises are involved. I think it's healthy to have these conversations. Capitalism and private enterprise are great, but at some point you have to figure out how to protect yourself. It would be healthy for the government to go further in some critical infrastructure areas to take ownership of protecting the country. Maybe they should move the guardrails before the crisis happens so that the government has more ownership and involvement in critical infrastructure specifically.
1 1 Reply
Board Member, Advisor, Executive Coach in Software, Self-employed

Like the equivalent of the Defense Production Act: under certain circumstances there's an executive order that can trigger mandates which private industry now has to follow, under certain authorities.

CIO in Software, 5,001 - 10,000 employees
The issues Zoom faced last year were at least problematic for some companies and definitely threatening for others, as data was being piped through data centers in certain countries. What would have happened if they hadn’t responded to the problem? You can walk away from that business, but what if their service is critical, especially in a pandemic? We have to define what makes a critical situation.
Board Member, Advisor, Executive Coach in Software, Self-employed
It becomes really context based. I have never called the government and asked them for help with any incident that I have ever managed. I never informed them early in the process, excluding minor instances when I had knowledge that I knew would help them find and mitigate other issues. But in those cases the government still stayed on the other side of the system. I gave them snippets of information when and how I wanted to because I didn’t want them in the middle of my investigations.

Content you might like


No, but I plan to36%

No, and I do not plan to10%


1.8k views1 Comment

No plans on undergoing a migration yet34%

Currently deploying SAP S/4HANA27%

Migrating to SAP S/4HANA within the next 1-2 years19%

Migrating to SAP S/4HANA within the next 3-6 years10%

Already have SAP S/4HANA in production8%


31.4k views154 Upvotes32 Comments