Cybersecurity battle heads to Congress
posted at 9:00 am on March 24, 2012 by Jazz Shaw
There’s no getting around it… hackers are doing a lot more than just loading trojans into your important e-mails from Nigerian princes trying to send you money. Some of the most prominent “hacktivists” making news are from the group Anonymous, and they’ve been getting up to all sorts of mischief. Whether it’s targeting the government of Greece or going after the Pope, the threat of serious damage from this new breed of criminals is very real and a lot of industry resources are being put into trying to block them. But fear not! We’ve got just the solution which is bound to fix everything. (By which I mean, “fix nothing.”)
A bipartisan Senate bill to bolster cybersecurity has sparked a competing proposal from Republicans wary of new regulations for businesses, a signal that burgeoning anti-government fervor has begun shaping national-security measures.
The White House-backed proposal would require companies that own computer networks integral to key critical infrastructure like electric-power systems and nuclear reactors to meet certain cybersecurity standards. Sponsors include the chairman and ranking member of the Homeland Security panel, Sens. Joseph Lieberman (I., Conn.) and Susan Collins (R., Maine).
Much of the debate so far has focused on whether proposed new regulations would be too onerous and costly for the private sector. Business interests have played a key role in crafting both proposals.
The bipartisan bill would create a new regulatory regime. The Homeland Security Department would work with industry to determine which computer systems within companies were running infrastructure where a cyberattack would be catastrophic.
The Lieberman-Collins bill takes a page from a very old and very bad book. Its sponsors identify a real problem and then respond with a knee-jerk reaction which dumps the entire mess on a federal agency and begins piling on regulations for private companies. Perhaps it’s time to take a different approach. Washington needs to be responsible for government computer systems, and they might need a bit more help from the private sector than they are currently allowing. Private companies are responsible for their own security needs and have to take the precautions they feel appropriate to protect themselves.
Yes, if they need help taking down the bad guys, call in Justice and just make sure they follow all constitutional protections when going after Americans. But the current plan looks like it will take private security into a realm of checkbox bureaucracy which will be out of date before the regulations are published. And that doesn’t even get into the question of how much this turns into an invitation for Uncle Sam to go browsing through everyone’s computer files.
The Republicans, led by John McCain, have an alternate proposal, but I’d need to see more details before I could endorse that either. It’s known as The Strengthening and Enhancing Cybersecurity by Using Research, Education, Information and Technology Act (SECURE IT), S 2151, and it seems to have the initial benefit of not turning the entire mess over to DHS. That’s a start, at least. Give it a read and see what you think.