A majority of Americans agree that sharing information on cybersecurity threats is the best way to protect the country’s networks. According to a Washington Post poll, nearly two-thirds of Americans support responsible information sharing, while only 39 percent of Americans support the idea of mandatory regulations. These percentages span party lines.
Equally telling is the fact that only one in three Americans believes that the U.S. is prepared for cybersecurity threats, and for good reason. As much as $400 billion is stolen from Western companies annually as a result of cyber crime. If nothing is done, the U.S. will likely face consequences ranging from continued growth in economic espionage to a complete shutdown of the power grid, which could paralyze the nation.
Congress is currently considering two approaches. The first option is embodied in the Cybersecurity Act of 2012. Although this bill contains some good provisions, it places significant emphasis on regulations, which would place a major burden on private companies. Equally problematic is that the regulatory process is not equipped to keep pace with shifting threats. Thus, portions of this bill would be obsolete as soon as the ink was dry.
The second approach is represented by both the Secure IT Act and the Cyber Intelligence Sharing and Protection Act. This approach emphasizes voluntary sharing of cybersecurity threat and vulnerability information between private companies and the government to improve both entities’ abilities to fight cyber threats. Government agencies would share with each other and with private companies, making government systems more secure and helping the private sector protect itself. Importantly, this solution would allow information sharers to keep up with the most current threats.
The first line of defense in cybersecurity is the individual. Americans must take responsibility for the safety of our networks. Becoming educated about the threats to cybersecurity is something each American can do. With such knowledge, we can better protect individual and corporate networks, thereby reducing the need for government action.
Currently, information sharing, combined with individual education and protection of networks, is our best option. Regulations have the potential to over-burden companies while failing to keep up with technology. Information sharing, however, is far more flexible and combines the interests of the private and public sectors more effectively. The U.S. should do what is most likely to succeed, and information sharing, not regulations, is the answer.
Maura Cremin is currently a member of the Young Leaders Program at The Heritage Foundation. For more information on interning at Heritage, please visit: http://www.heritage.org/about/departments/ylp.cfm