Time to Address Looming Infosecurity Crisis, Expert Says
Also, interface design is a very significant issue that receives far too little attention. The problem is lousy software designs and lousy human interfaces, on systems ranging from the routers that control the nation’s Internet to the dialog boxes that your browser presents. A few years ago, researchers from Princeton and the University of Washington conducted a study of what users actually comprehend when they read these dialog boxes, and the answer, not surprisingly, is that users don’t have a clue what these dialog boxes are trying to tell them. This is absolutely not a user problem! Of course, it turns out that a large proportion of Internet routing errors are happening for just this reason—someone in an ISP changes the configuration of some routers and an error is introduced. But it also turns out that the configuration interface on many Internet routers is incredibly primitive, and thus hugely error-prone.
Is there a role for the private sector and in particular CIOs when it comes to seeing some of these changes enacted?
CIOs and CEOs must insist on different behavior by the current administration. Our nation’s health and security depends on it. On their own, CIOs—that is, the private sector—must install and operate systems that match the state of the art in terms of cybersecurity. CIOs must demand that software vendors design and correctly implement these systems, and most importantly, CIOs must be willing to pay for it. Also, many corporations now have a chief information security officer, which is an important step. And there is an increasing trend toward having a person with IT qualifications on the corporate board of directors, just as a person with appropriate financial experience must be a board member in order to chair the audit committee. These sorts of things are becoming the standard of practice, and corporations that fail to meet this standard of practice will do so at their own jeopardy.



