Should There Be A Cybersecurity Public Option? NYC Secure Will Be the Test Case
On Thursday, New York City Mayor Bill De Blasio announced the municipal government is designing a free public-option security analytics application for their residents: NYC Secure. The app’s design will alert users to digital threats, particularly on mobile devices. The plan is to fully deploy the app this summer, although an exact timeline has not been announced.
Based on official statements, NYC Secure will operate more like SIEM or security analytics than like traditional anti-malware. It will scan for threats on users’ devices, disconnect them from malicious WI-Fi connections, and suggest cybersecurity best practices. However, NYC Secure will not take active steps to mitigate the threats detected, requiring user awareness and participation. NYC Secure will not collect user data in any capacity.
Geoff Brown, Citywide Chief Information Security Officer, said in a statement: “In order to stay a step ahead of cybercriminals that are continuously finding new ways to hack devices, we must invest in the safety of the digital lives of our residents. While no individual is immune to cybersecurity threats, this program will add an extra layer of security to personal devices that often house a huge amount of sensitive data.”
This is far from the only digital security measure New York City is undertaking. The municipal government is also securing its public Wi-Fi networks via Quad9, a free DNS protection platform provided jointly the Global Cyber Alliance, IBM and Packet Clearing House. The city already has a cybersecurity defense department—NYC Cyber Command (NYC3)—created by mayoral order in July 2017. NYC3 is developing the NYC Secure app.
The attacks on Atlanta and Baltimore indicate that cities are not safe from cyber-criminals and hackers. Combined with the rising threat of nation-state hackers, the question is inescapable: should there be a cybersecurity public option?
This is undoubtedly a contentious question philosophically, given individual feelings on the role of government in American lives. If you consider cyber-attacks on government services or by nation-states military or espionage actions, as we do here, then the government has an obligation to protect its citizens against them. However, that opens plenty of questions about implementation:
- Should a cybersecurity public option only apply to citizens, as NYC Secure does?
- Should there be an enterprise-level cybersecurity public options for businesses that can’t afford their own cybersecurity solution?
- What should a public option platform defend against? Should it operate like traditional antivirus, SIEM/security analytics, or identity management?
- If the public option did apply to enterprises, how do we keep it from unfairly competing against private solutions providers?
- Can individuals or enterprises opt out of a cybersecurity solution?
We don’t pretend to have concrete answers on these questions. But we do recognize that the lines between national security and cybersecurity have already blurred—that there is a need for NYC Secure proves that. And since that is the case, we have to start considering what the world will look like when that line vanishes altogether. Digital threats are omnipresent now. Shouldn’t we get all the help we can get?
Widget not in any sidebars