On Feb. 27th, 2012, Jody Westby wrote for Forbes on the possible effects that cyber legislation could have on the economy. Boldy asserting that the recent Cybersecurity Act of 2012 (CSA) could be "one of the most expensive and intrusive pieces of legislation proposed since Sarbanes-Oxley", the author argued that the bill's signature critical infrastructure designation provision could hurt the economy through the costs of compliance.
The article specifically focused on the aforementioned critical infrastructure designation provision, which allows DHS to decide which companies fall into that category. In making that decision, DHS would consider a variety of factors (like threats, "the extent and likelihood of death . . . caused by unauthorized access to the infrastructure", and harm to the economy, among others) and then submit a risk assessment to the President in either classified or unclassified form. The Forbes article noted that if these risk assessments were inadvertently shared, that company could see its stocks prices and even market share take a huge hit.
Essentially, the author thought that the CSA's "entire approach is flawed." DHS makes its critical infrastructure determinations based on evaluations of cyber threats, but DHS might not be able to keep up with how quickly cyber threats evolve. The private sector, on the other hand, incorporates and standardizes the best practices of working groups and researchers who are studying the latest cyber threats. The author believes that the CSA would have US companies "meeting compliance requirements instead of deploying the latest technologies . . . that will best help them . . . combat current threats." In essence, corporations are going to spend their money on compliance with DHS regulation, not on advancing the security of their own networks.
The big point? If Congress enacts the CSA, costs of compliance will make it expensive. Too expensive for businesses to create jobs and comply at the same time.
The author's proposed solution? Incentives.
You can find the Forbes source article here.
Leave a Reply