In an editorial entitled “Cybersecurity at Risk” published in the print edition on August 1, 2012, the New York Times argues:
The Lieberman-Collins bill should be voted by the Senate this week and then merged with the House version so a law can be enacted this year. If not, and a catastrophic cyberattack occurs, Americans will be justified in asking why their lawmakers, mired in election-year partisanship, failed to protect them.
The Times notes: “Under the revised bill, industry will develop the standards for addressing threats and compliance will be voluntary.” One has to wonder whether voluntary compliance with standards written by the industry that is to be regulated will have much impact. Would such a scheme ever force businesses to spend the money and to make the convenience trade-offs that the market never forced them to?
Note, also, that The Times unquestioningly repeats Gen. Keith Alexander, the chief of the United States Cyber Command and the director of the National Security Agency, in stating “that it’s only a matter of time before an [cyber] attack causes physical damage.” It further reports that he “has also called the loss of industrial information and intellectual property through cyberespionage ‘the greatest transfer of wealth in history.’”
Says The Times: “It’s time for the endless talk of cyberthreats to be met by action.” True enough, but let’s not confuse action with progress. I’m not arguing that mandatory regulation is the answer – or at least that it is all the answer – but I do assert that voluntary compliance with self-written regulations will not change conduct in cyberspace sufficiently to protect our national security.
Leave a Reply