How Can the Government Regulate Cybersecurity?

November 4, 2011 at 8:00 am Leave a comment

I read a good article this week on CircleID by Bruce Levinson. He talks about how eventually cybersecurity will be something the federal government regulates, alongside other more familiar types of activities such as financial transactions and the environment. You can disagree about the proper role of government in the regulation of private networks, but he positions this challenge in an interesting way. Here’s the link.

Levinson writes that the current regulations are very limited and each agency pursues cybersecurity in its own fashion:

Agencies’ approaches to cybersecurity risk management are being driven by their different statutory responsibilities and authorities rather than reflecting regulatory mechanisms which have been tailored to the needs to different industries. Although a one-size-fits-all federal attitude toward cybersecurity regulation is not necessarily beneficial, neither is an ad hoc modus operandi.

Levinson works at the Center for Regulatory Effectiveness, so he thinks about these issues a lot. He doesn’t pretend to have the answers, and his article closes with a call for more honest dialogue. There is no doubt that would be a positive step. Yet one thing I didn’t see in the article was an acknowledgment that security breaches are inevitable. How is the damage contained once a breach occurs, and how can you proactively defend critical networks, rather than just guard the gates?

I talked about a different philosophical approach to security back in April. The basic Internet infrastructure was not designed with security in mind. You can’t hide behind a locked door in cyberspace. What you need to do is take ever practical step to secure your networks, then assume they will fail and take steps to immediate detect breaches and immediately start mitigating the damage.

It’s a hard concept for an extremely risk averse culture like the federal government to grasp, the inevitability of failure. But without it the cybersecurity regulatory dialogue Levine calls for will not be honest or effective.

About these ads

Entry filed under: Tech. Tags: , , , , .

Advances in Government Collaboration — Report from GovComm Bobby Kacher Wine Tasting at Calvert Woodley

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed



Traffic Sources

Alexa Rank

Twitter Stream

Become a Strategic Communications Fan

Add to Technorati Favorites


Get every new post delivered to your Inbox.

%d bloggers like this: