Townhall: Labor Shortage and Antitrust Bills are Recipe for Cybersecurity Disaster
American workers are walking away from jobs at higher rates than the nation has seen in a very long time. The latest data shows there are over 10 million unfilled jobs in the United States alone. This labor shortage has contributed to a global supply chain disruption that may last for months – or even years. The “Help Wanted” signs are cropping up in more and more windows in businesses across the country.
However, one area being impacted is not obvious to people meandering around their cities and towns. The cybersecurity industry is severely short of workers at the moment. Data shows there are roughly 879,000 cybersecurity professionals in the U.S., yet there are currently 359,000 unfilled job openings in the field. For perspective, that means almost 30 percent of the cybersecurity industry is currently vacant.
Unfortunately, instead of working to address this problem, policymakers in Washington are advancing proposals that would greatly exacerbate it. A bipartisan assortment of politicians have launched an attack on the most prominent names in the tech sector with legislation that would let potentially harmful third-party developers have unfettered access to the devices of all Americans. Other bills would dramatically curb the ability of companies who make and provide the devices and services we all use daily to invest in new cybersecurity firms. Proponents of these pieces of legislation claim this will tackle the “monopolistic” practices of companies like Apple and Google.
In reality, these companies are big because they provide relatively safe and reliable products and services. Their size also allows them to dedicate more resources to more efficiently combating cyber threats, especially as hostile foreign governments and cybercriminals continue to grow their ranks. What they and many other technology companies need most is additional cybersecurity professionals on watch, not new weaknesses built into their systems through public policy.
Security is as much a criterion of competition as anything else consumers evaluate. Companies like Apple tightly control their software ecosystems and app stores because that leaves them fewer flanks to guard. Think of the 300 Spartans at the Battle of Thermopylae. Though vastly outnumbered, they held back a much larger invading army by controlling a narrow passage and were only foiled once someone showed the invading army of Xerxes an alternate path.
Consumers also have a choice of ecosystems. Google’s Android-powered devices, for example, allow greater flexibility in terms of application sideloading, with the tradeoff of potentially opening a device to more vulnerabilities. Some people want that flexibility, some people don’t. They should be free to choose.
Legislating backdoors into Americans’ devices would naturally make cybersecurity work a nightmare. Verification of third-party developers would become far more difficult, and devices everywhere would be vulnerable to hacks and breaches.
This will have a severe impact on the cybersecurity industry. There is only so much workers can do to guard devices when they’ve been kneecapped by politicians in Washington. The impact of the legislation will necessitate more workers in an industry that is already understaffed. Given the impossibility of the new task being demanded of these cyber workers, more will likely walk away.
The last year-and-a-half has made the country painfully aware of our existing vulnerabilities. Last year, cyberattackers were able to get into the private data of thousands of organizations across the country with the SolarWinds hack. This included many data breaches of the U.S. federal government.
Later, a ransomware attack forced Colonial Pipeline to temporarily shut down, causing gas shortages and higher prices in the resulting panic. Colonial could not even solve the problem with their cybersecurity team. The company had to pay the hackers $4.4 million to relent. Unsurprisingly, at the time of the hack, Colonial had an open job listing for a Cybersecurity Manager posted on its website. This worker shortage is having real world impacts on Americans of all walks of life.
Cybersecurity is already wearing thin in America. Companies like Apple and Google have systems in place to create trust in digital markets and to prevent malicious actors from accessing their devices. Instead of creating new vulnerabilities by going after these existing systems, policymakers in Congress ought to be figuring out how to plug existing holes before something far worse than the SolarWinds or Colonial Pipeline attacks comes to pass. Legislation attacking tech companies and their app stores is the opposite of what the country needs right now.
Photo: AP Photo/Cliff Owen
Published on December 14, 2021Original Publication