Federal and state action

This article is the archived version of a report that appeared in June 2009 Consumer Reports magazine.

Cybersecurity is "now a major national security problem for the U.S.," according to a report last fall by the nonprofit Center for Strategic and International Studies in Washington, D.C., which emphasized that this aspect of national security wasn't getting the government's attention it deserved. "We treat cyber as the orphan in the storm," says James Lewis, the project director of that report. "This is the place we're being hurt the most. People have miscalculated the threat."

Consumers Union supports many of the panel's recommendations, including the formation of an executive-office position focused on securing national networks, updating laws that govern the collection of electronic evidence and storage of sensitive data, improving digital identification using a method such as biometrics, and expanding research and education focusing on cybersecurity.

Government should also better educate consumers, through the media, about how to protect themselves. Most states have strong laws requiring companies to notify consumers whose data have been breached. Other states should follow suit. But such notification, though important, is no substitute for businesses taking the measures needed to prevent such breaches in the first place.