Cybersecurity and the Tylenol Murders 74
According to Cohn the story of the Tylenol murders comes to mind as Congress considers the latest cybersecurity and data breach bills. To folks who understand computer security and networks, it's plain that the key problem are our vulnerable infrastructure and weak computer security, much like the vulnerabilities in Johnson & Johnson's supply chain in the 1980s. As then, the failure to secure our networks, the services we rely upon, and our individual computers makes it easy for bad actors to step in and "poison" our information. The way forward is clear: We need better incentives for companies who store our data to keep it secure. "Yet none of the proposals now in Congress are aimed at actually increasing the safety of our data. Instead, the focus is on "information sharing," a euphemism for more surveillance of users and networks," writes Cohn. "These bills are not only wrongheaded, they seem to be a cynical ploy to use the very real problems of cybersecurity to advance a surveillance agenda, rather than to actually take steps to make people safer." Congress could step in and encourage real security for users—by creating incentives for greater security, a greater downside for companies that fail to do so and by rewarding those companies who make the effort to develop stronger security. "It's as if the answer for Americans after the Tylenol incident was not to put on tamper-evident seals, or increase the security of the supply chain, but only to require Tylenol to "share" its customer lists with the government and with the folks over at Bayer aspirin," concludes Cohn. "We wouldn't have stood for such a wrongheaded response in 1982, and we shouldn't do so now."