On Tuesday, some of the nation’s most experienced cybercrime journalists came together at Fordham to discuss the challenges of telling stories that are, by their very nature, some of the most difficult ones to tell.
“Cybersecurity is the most important story, and it is also the least well-covered, especially as it relates to broadcasting and visual media,” Josh Margolin, chief investigative reporter, ABC News, told attendees at the International Conference for Cyber Security (ICCS) at the Lincoln Center campus.
“When you start talking about the threats that have not yet developed, the fears that people should have, and the knowledge they should use to arm themselves, it feels theoretical. Those are always difficult stories to tell on television.”
Covering Threats Before They Happen
John Miller, chief law enforcement and intelligence analyst at CNN, agreed. Unlike stories such as the Colonial Pipeline ransomware attack that crippled critical energy facilities in 2021, stories about cybersecurity threats that have not yet happened rarely register with the American public.
As an example, he cited coverage of former FBI Director Chris Wray’s assertion last year during congressional testimony that the Chinese government is placing “digital time bombs” in critical infrastructure across the United States that it can trigger during a crisis.
That couldn’t be clearer or more frightening in terms of how that could affect day-to-day life, he said, but if you asked 100 people on the sidewalk about it today, 99 would say they’ve never heard of it.
“It’s like trying to say to your editor, ‘There’s a daring bank robbery today, they got a million dollars,’” he said.
“That’s an easy sell, as opposed to ‘There’s something lurking in our bank system that could cost a hundred billion dollars, and we’re not sure how to defeat it.’”
Focusing on Cybercrime Victims
When it comes to covering cyberattacks after the fact, Steve Coll, editor of The Economist, said that studies have shown that although cybercrimes differ from physical thefts and assaults, journalists tend to cover them the same way: from the perspective of the victim.
Some in the field have wondered whether more coverage should focus on perpetrators, but Coll said it’s not necessarily bad that so much coverage leads with the victims, because the companies involved may be embarrassed by their lack of protection.
“You get into those places (that were targeted) and say, ‘Were the software patches there? Were the updates done? Were they scanning against threats on a daily basis? Did they have adequate personnel considering mistakes?’ The answer is ‘no, no, no, and no,’ he said.
But companies should take comfort in the fact that their embarrassment can help others avoid a similar fate, Coll said.
Miller said the good news is that there are more journalists than ever focused on the field, and groups like Citizen Lab and Microsoft do a great job of helping them translate highly technical issues into stories the general public can understand.
“It’s the same way a doctor with a good bedside manner is able to explain complex medical things to the patient,” he said.
ICCS, a joint initiative between the Gabelli School of Business and the FBI, brought together members of law enforcement, the private sector, and academia for three days of talks, panels, and workshops.
