Top-Down Cybersecurity Regulations: An Outdated Solution
Audrey Beck /
Cybersecurity is a hot issue, and with the House of Representatives’s approval of the controversial Cyber Intelligence Sharing and Protection Act (CISPA) this week it is likely to get hotter.
As of last night, groups opposing the bill had collected over 100,000 signatures asking the President to make good on his recent veto threat.
When Congressmen aren’t scrapping over divisive issues like gun control and immigration reform, they often wax eloquent on cybersecurity. But when the legislative branch doesn’t come together on this topic, the government’s executive arm frequently fills the gap—a prime example is President Obama’s executive order in February. As we watch a possible showdown unfold in the Senate over CISPA, and likely see more cyber legislation in coming weeks, what principles should we keep in mind about cybersecurity?
According to The Heritage Foundation’s Kim Holmes, there’s a right way to improve America’s critical infrastructure and a wrong way.
The idea that the best solution for dealing with a complex threat like cyber attacks is a slew of “heavy-handed” federal regulations is what Holmes terms a “19th-century solution to a 21st-century problem.” Today’s cyber world is complicated and moves with breathtaking speed, and our approach to its dangers should take this into account.
Instead of “an old-fashioned, top-down regulatory approach,” lawmakers should focus on empowering businesses to protect themselves from attack. For starters, Congress should consider innovations like those published in a recent Heritage report, including creating a private-public partnership to spur information sharing, or encouraging the development of nonprofits to assess and “grade” the cyber supply-chain security of companies’ technology products. Such reforms would, as Heritage urges, leave room for the “private sector to take responsibility for its own cybersecurity.”
To further leverage the private sector, Congress should allow U.S. companies to take certain actions in self-defense, such as incorporating traps in their own systems capable of identifying perpetrators. With the private sector acting as ally, not merely a liability, law enforcement will be better positioned to follow up and prosecute cyber criminals.
Unleashing the talent and innovations of the market is the quickest and surest way to approach cyber attacks, which, according to Symantec, already account for the loss of “$250 billion every year in intellectual property.”
Individuals, businesses, and private entities don’t need a clunky, one-size-fits-all, thousand-page bill to protect our cyber networks. What they need is the freedom to protect themselves through creative, market-based innovation.