Congress is back in session and “ready” to tackle cybersecurity. Regrettably, some in Congress are again proposing 19th century–style legislative solutions to this ultimately 21st-century problem. Let’s hope they think it through this time before offering the same failed ideas.
Over the past several months, the world has witnessed a large number of cyber attacks that have hit targets as varied as South Korean banks, U.S. newspapers, and the Internet itself. As cyber threats continue to evolve and grow, the corresponding need for effective cybersecurity policies grows as well. The need is real, but positive action requires wisdom and some out-of-the-box thinking.
Any new policies must deal with the fact that the cyber realm is constantly changing. Technological improvements occur so rapidly that it is difficult to keep track of them, let alone create legislation that can keep up with it all. This is why the “something is better than nothing” mentality needs to be discarded. Congress should take the time to create a thoughtful and dynamic legislation that will not hold the U.S. back with slow, static regulations. If the process is rushed by the desire to come up with anything, the short-term and long-term results could be catastrophic.
Instead, a good cybersecurity policy should include the following seven elements:
- Enabling information sharing instead of mandating it. If organizations and agencies can share information amongst themselves, then everyone can be more prepared for cyber attacks.
- Encouraging the development of a viable cybersecurity liability and insurance system. This will remove cost from the consumer and incentivize the producer to take reasonable protective actions when developing products and services.
- Creating a private-sector structure that fosters cyber supply-chain security ratings. This will help ensure the security of cyber hardware, which has to be physically replaced if it is compromised.
- Defining limited cyber self-defense standards for industry. The government should allow companies to take steps beyond strict prevention to protect themselves from cyber threats.
- Advocating for more private-sector efforts to promote general awareness, education, and training across America. The private sector and local organizations need to increase efforts to regularly provide the American public with consistent, accurate, and up-to-date information.
- Reforming science, technology, engineering, and mathematics (STEM) education to create a strong cyber workforce within industry and government. The emphasis the education system places on STEM needs to be improved in order to produce and maintain a strong and capable cyber workforce.
- Leading responsible international cyber engagement. Since the cyber realm does not reside in any one country, an international cybersecurity effort is necessary.
These could be presented in one comprehensive bill or in a number of bills from applicable committees. Regardless, in order to fully address cyber, Congress needs to craft legislation that fosters dynamic cybersecurity and does not bog it down in regulations.
Whatever legislation Congress creates should integrate these seven elements. Without them, the U.S. will remain vulnerable to cyber attacks.
Sarah Friesen is currently a member of the Young Leaders Program at The Heritage Foundation. For more information on interning at Heritage, please click here.