- The Foundry: Conservative Policy News Blog from The Heritage Foundation - http://blog.heritage.org -
“Voluntary” Cybersecurity Standards: The Threat of Regulation Looms
Posted By Brett Ramsay On October 2, 2013 @ 3:42 pm In Security
Recently, Federal News Radio reported that the National Institute of Standards and Technology (NIST) is nearing completion of the nation’s first-ever cybersecurity framework. Despite initial cooperation, the threat of mandatory regulations as a result of this framework is a sword hanging over the private sector.
The NIST framework is supposed to act as a voluntary program encouraging resilient cybersecurity through best practices, new security techniques, and gauges to help organizations better understand their own cybersecurity.
Despite the “voluntary” language of the framework, some industry leaders see in this document the creation of future government regulations. In fact, Sections 8–10 of President Obama’s executive order call for a regulatory system that will squash private initiative.
The ever-changing nature of cyberspace means the framework’s standards and best practices will be outdated within months if not weeks. Furthermore, this model cannot effectively enable critical cybersecurity tools such as information sharing, since only legislation can provide much-needed liability and Freedom of Information Act (FOIA) protections.
Instead of taking a standards-based approach to cyber defense, Congress should create an effective information-sharing environment while also avoiding costly regulatory burdens. This would allow close collaboration between private companies and government. Without this close cooperation, U.S. cyber defenses will become slow and rigid.
To enable this cooperation, Congress should act on seven elements providing companies with critical legal protections and making it easier to share information. Due to ambiguities in current law, companies are hesitant to share information on cybersecurity. Many companies fear the legal ramifications for disclosing information as well as losing competitive advantage through the FOIA requests of competitors.
Importantly, any information-sharing effort must be a two-way street between government and the private sector. As such, a central hub for sharing cybersecurity information should be created. A nonprofit organization modeled after the Internet Corporation for Assigned Names and Numbers or the Internet Society could fill this role. Such an organization would include industry representatives to protect the interests of the private sector and representatives from privacy organizations to make sure information sharing respects Americans’ civil liberties.
Instead of merely hoping that the NIST framework will follow a voluntary path, Congress should stop ceding authority to regulators and pursue policies that allow the private sphere to exert innovation and excellence without fearing future government regulations.
Brett Ramsay is currently a member of the Young Leaders Program at The Heritage Foundation. For more information on interning at Heritage, please click here.
URL to article: http://blog.heritage.org/2013/10/02/voluntary-cybersecurity-standards-the-threat-of-regulation-looms/
URLs in this post:
 reported: http://www.federalnewsradio.com/473/3464415/NIST-puts-finishing-touches-on-critical-infrastructure-cyber-framework-
 voluntary: http://www.mainjustice.com/2013/09/11/nist-looking-at-next-steps-for-cyber-framework/
 document: http://www.nist.gov/itl/upload/discussion-draft_preliminary-cybersecurity-framework-082813.pdf
 regulations: http://www.smartgridnews.com/artman/publish/Technologies_Security/NIST-moves-forward-on-White-House-cybersecurity-order-6051.html/?fpm
 Sections 8–10: http://www.heritage.org/research/reports/2013/02/obama-s-cybersecurity-executive-order-falls-short
 outdated: http://www.heritage.org/research/reports/2013/06/weaknesses-of-a-regulatory-approach-to-cybersecurity
 regulatory burdens: http://www.heritage.org/research/reports/2012/06/cybersecurity-and-red-tape-more-regulations-not-the-answer
 seven elements: http://www.heritage.org/research/reports/2013/04/a-congressional-guide-seven-steps-to-us-security-prosperity-and-freedom-in-cyberspace
 click here: http://www.heritage.org/about/departments/ylp.cfm