Last week I was down at an industry conference in Florida. The theme of cyber security was paramount at just about every session I went to. It reinforced a significant reason for why I am running. There are not enough people that know this industry in public office. We are constantly being reactive instead of proactive to the ever-changing landscape. On Friday I read about Facebook admitting to a breach affecting 50 million accounts. The general idea behind regulation is that you leave things alone until bad behaviour forces government to get involved to protect the public interest. Well I don’t know about you, but I think these sorts of stories have gone on long enough. I am not saying that these events can be eliminated entirely, but public policy can tip the scales out of attacker advantage and force good behaviour by companies that hold your data. GDPR provides the kinds of frameworks we are sorely lacking.

In addition, we need to ensure critical infrastructure is not susceptible to attack. From a public necessity’s perspective, the power grid, cellular networks, 911 services, and hospitals are the sorts of things that need to be protected, and unfortunately, I believe are not adequately so at this time.