Over the past few years, numerous bills on cyber security have been introduced and gone nowhere in Congress. That's about to change. The House leadership announced during “Cyber Security Week” in April that it approved four bills. The Senate is currently attempting to resolve largely partisan differences among competing cyber bills. Chances of reaching a compromise are probably 50-50.
The good news is that Congress is beginning to take the problem seriously. The bad news is that, with a few notable exceptions, federal lawmakers mostly think we are still primarily concerned with hackers and passwords. For too many policymakers, the fact that an organization was “breached” is an indication that stronger, more invasive regulatory oversight by the government is needed.
The reality of protecting our information is, of course, far more complicated. We are all facing increasingly sophisticated threats and, in response, we are deploying increasingly advanced defenses. However, security decisions are often not just about safeguarding assets as a competitive force. Business relationships and new platforms need to be managed as part of the full enterprise solution set. This can be a bit difficult for even well-intentioned legislators, most of them “digital immigrants” who are not really comfortable with or knowledgeable about the bits-and-bytes world they now inhabit. We owe it to ourselves and our industry to respond with feedback and education for our elected officials.
Unfortunately, even if cyber bills reach the president's desk this year, it's likely that they will address important, but not fundamental, issues that need to be resolved. Questions as to the appropriate mix of market incentives versus government regulation, the proper roles for military versus civilian authority, and the way in which business economics and cyber security can be resolved in a sustainable fashion will still be on the table for a new Congress – and perhaps a new administration.
It is critical that the security personnel who are addressing these core issues as part of their day jobs substantially upgrade the education program for our elected officials. This is a call to action. Become educated. Express your concerns. Get involved. Contact your representative directly or work through professional organizations, such as the Internet Security Alliance. Share your expertise, experiences and concerns with those crafting the laws with which we will all have to comply. The only certainty in this process is that we will all have to live with final legislation for the coming years. Let's get involved and influence the future of our industry.
Photo by Aaron Ansarov