I’m not confident that there’s a measure that the U.S. federal government can take to make everybody more secure at a blanket level to stop the attacks. But what I do believe would be possible is if there are better ways to incentivize information sharing. I’ve got these regulatory issues. What’s going to bite me if I invite the government in? I’ve got issues about public perception. If I invite other organizations in, how long can I try to contain this before I bring others in? Maybe we can sweep this under the rug. There’s a lot happening there. Plus, if you’ve got a consortium of industries that are meeting and sharing information, how do you incentivize them to share information when they’re talking to their competitors?
Prevention is never enough. You’ve got to assume somebody’s going to hit you. So it really helps to invest in understanding the tools the attackers are using, what those tools look like on the wire and put in place pieces to detect them. I just got back from Texas. I was teaching a class on how to hack, a two-day course. I took my students through here’s our tool kit. Here’s everything we did. Here are the defenses we’re going to encounter here, what they look like. Here are the things where I as the attacker am vulnerable. So, taking kind of a counterintel approach to understanding what’s being thrown at me, what does it look like and where is it weak so I can disrupt it, that’s a very healthy thing to do.