I was listening to a very interesting story on NPR this morning about the state of the nation when it comes to cybersecurity. One of the main points was that our national infrastructure is very vulnerable to offensive cyber operations since private companies are mainly responsible for critical infrastructure such as electricity and virtually no private companies have been spending money on keeping their systems safe from intrusion.
There are split feelings on this issue about whose responsibility it is to keep infrastructure safe. Surprisingly, it isn't the typical Democrat-Republican split. Many former security officials from the Bush administration feel that business should be devoting their resources to meet this challenge, while business leaders quoted in the piece feel that this is the government's responsibility, not theirs - and the government should pay for hardening their systems.
Outside of a federal takeover of these critical assets (which no one wants), I personally think legislation, regulation, and incentives codified into the tax code are the only ways to force businesses to take their cyber responsibilities seriously. The threats have been present and well documented for long enough. Business leaders have had their chance to police themselves, and they have failed miserably.
Listen to the story here.