Re: Accountants are the issue
I wouldn't say the accountants per se. Accountants are a predictable bunch and will do whatever the numbers tell them to do. What is necessary is an input into their system that monetizes the risk of compromise. Once you do that, the accountants will line up neatly behind or possibly even in front of the engineers, insisting the appropriate measures be taken.
I will grant this is the one place where it will be necessary for governments to act to create the financial incentive. It is actually fairly simple:
1) The corporation will be responsible for all damages that result from a compromise of their systems. This will include not only the cost of repair but the total cost of down time for any and all of their customers who are affected by the compromise.
2) While the corporation may engage in risk pooling, it may never completely transfer the risk to another corporation.
3) In the event the corporation does not have sufficient means to fulfill its responsibilities under item #1, the officers of the corporation and its board of directors will be held personally liable for the uncovered damages.
Even with the typical lead times for infrastructure improvements in these industries, I expect that were laws specifying this enacted, 85% of the problems would be fixed within a year, and in excess of 95% would be fixed in two. By year three we'd be approaching several sigmas of assurance.