• The Heritage Network
    • Resize:
    • A
    • A
    • A
  • Donate
  • Top-Down Cybersecurity Regulations: An Outdated Solution

    Newscom

    Newscom

    Cybersecurity is a hot issue, and with the House of Representatives’s approval of the controversial Cyber Intelligence Sharing and Protection Act (CISPA) this week it is likely to get hotter.

    As of last night, groups opposing the bill had collected over 100,000 signatures asking the President to make good on his recent veto threat.

    When Congressmen aren’t scrapping over divisive issues like gun control and immigration reform, they often wax eloquent on cybersecurity. But when the legislative branch doesn’t come together on this topic, the government’s executive arm frequently fills the gap—a prime example is President Obama’s executive order in February. As we watch a possible showdown unfold in the Senate over CISPA, and likely see more cyber legislation in coming weeks, what principles should we keep in mind about cybersecurity?

    According to The Heritage Foundation’s Kim Holmes, there’s a right way to improve America’s critical infrastructure and a wrong way.

    The idea that the best solution for dealing with a complex threat like cyber attacks is a slew of “heavy-handed” federal regulations is what Holmes terms a “19th-century solution to a 21st-century problem.” Today’s cyber world is complicated and moves with breathtaking speed, and our approach to its dangers should take this into account.

    Instead of “an old-fashioned, top-down regulatory approach,” lawmakers should focus on empowering businesses to protect themselves from attack. For starters, Congress should consider innovations like those published in a recent Heritage report, including creating a private-public partnership to spur information sharing, or encouraging the development of nonprofits to assess and “grade” the cyber supply-chain security of companies’ technology products. Such reforms would, as Heritage urges, leave room for the “private sector to take responsibility for its own cybersecurity.”

    To further leverage the private sector, Congress should allow U.S. companies to take certain actions in self-defense, such as incorporating traps in their own systems capable of identifying perpetrators. With the private sector acting as ally, not merely a liability, law enforcement will be better positioned to follow up and prosecute cyber criminals.

    Unleashing the talent and innovations of the market is the quickest and surest way to approach cyber attacks, which, according to Symantec, already account for the loss of “$250 billion every year in intellectual property.”

    Individuals, businesses, and private entities don’t need a clunky, one-size-fits-all, thousand-page bill to protect our cyber networks. What they need is the freedom to protect themselves through creative, market-based innovation.

    Posted in Security [slideshow_deploy]

    Comments are closed.

    Comments are subject to approval and moderation. We remind everyone that The Heritage Foundation promotes a civil society where ideas and debate flourish. Please be respectful of each other and the subjects of any criticism. While we may not always agree on policy, we should all agree that being appropriately informed is everyone's intention visiting this site. Profanity, lewdness, personal attacks, and other forms of incivility will not be tolerated. Please keep your thoughts brief and avoid ALL CAPS. While we respect your first amendment rights, we are obligated to our readers to maintain these standards. Thanks for joining the conversation.

    Big Government Is NOT the Answer

    Your tax dollars are being spent on programs that we really don't need.

    I Agree I Disagree ×

    Get Heritage In Your Inbox — FREE!

    Heritage Foundation e-mails keep you updated on the ongoing policy battles in Washington and around the country.

    ×