• The Heritage Network
    • Resize:
    • A
    • A
    • A
  • Donate
  • “Voluntary” Cybersecurity Standards: The Threat of Regulation Looms

    Photo credit: Newscom

    Newscom

    Recently, Federal News Radio reported that the National Institute of Standards and Technology (NIST) is nearing completion of the nation’s first ever cybersecurity framework. Despite initial cooperation, the threat of mandatory regulations as a result of this framework is a sword hanging over the private sector.

    The NIST framework is supposed to act as a voluntary program encouraging resilient cybersecurity through best practices, new security techniques, and gauges to help organizations better understand their own cybersecurity.

    Despite the “voluntary” language of the framework, some industry leaders see in this document the creation of future government regulations. In fact, Sections 8–10 of President Obama’s executive order call for a regulatory system that will squash private initiative.

    The ever-changing nature of cyberspace means the framework’s standards and best practices will be outdated within months if not weeks. Furthermore, this model cannot effectively enable critical cybersecurity tools such as information sharing, since only legislation can provide much-needed liability and Freedom of Information Act (FOIA) protections.

    Instead of taking a standards-based approach to cyber defense, Congress should create an effective information-sharing environment while also avoiding costly regulatory burdens. This would allow close collaboration between private companies and government. Without this close cooperation, U.S. cyber defenses will become slow and rigid.

    To enable this cooperation, Congress should act on seven elements providing companies with critical legal protections and making it easier to share information. Due to ambiguities in current law, companies are hesitant to share information on cybersecurity. Many companies fear the legal ramifications for disclosing information as well as losing competitive advantage through the FOIA requests of competitors.

    Importantly, any information-sharing effort must be a two-way street between government and the private sector. As such, a central hub for sharing cybersecurity information should be created. A nonprofit organization modeled after the Internet Corporation for Assigned Names and Numbers or the Internet Society could fill this role. Such an organization would include industry representatives to protect the interests of the private sector and representatives from privacy organizations to make sure information sharing respects Americans’ civil liberties.

    Instead of merely hoping that the NIST framework will follow a voluntary path, Congress should stop ceding authority to regulators and pursue policies that allow the private sphere to exert innovation and excellence without fearing future government regulations.

    Brett Ramsay is currently a member of the Young Leaders Program at The Heritage Foundation. For more information on interning at Heritage, please click here.

    Posted in Security [slideshow_deploy]

    Comments are closed.

    Comments are subject to approval and moderation. We remind everyone that The Heritage Foundation promotes a civil society where ideas and debate flourish. Please be respectful of each other and the subjects of any criticism. While we may not always agree on policy, we should all agree that being appropriately informed is everyone's intention visiting this site. Profanity, lewdness, personal attacks, and other forms of incivility will not be tolerated. Please keep your thoughts brief and avoid ALL CAPS. While we respect your first amendment rights, we are obligated to our readers to maintain these standards. Thanks for joining the conversation.

    Big Government Is NOT the Answer

    Your tax dollars are being spent on programs that we really don't need.

    I Agree I Disagree ×

    Get Heritage In Your Inbox — FREE!

    Heritage Foundation e-mails keep you updated on the ongoing policy battles in Washington and around the country.

    ×