- Cyber threats are changing: hacking planes, disabling cars, rigging voting machines, remote murder by hacking medical devices, hacking internet thermostats.
- Traditional thinking about information security as a triad: confidentiality, integrity and availability.
- Industry has been focused more on preventing confidentiality/privacy attacks: Some examples are Ashley Madison breach, Sony data theft, and OPM data breach.
- Confidentiality threats are real, but integrity/availability treats are much worse. The rise of integrity/availability threats is a result of IoT – e.g. feeding cars with false information could be fatal, and remotely disabling home security systems.
- Congress is already notified about that integrity/availability threats are larger and more important than confidentiality threats. They need to act right.