On 5/8, Tom Gjelten reported for NPR on the divide between business leaders and national security leaders over cybersecurity legislation. According to the article, critical infrastructure owners dislike the stricter bills (like the Senate Dem's Cybersecurity Act of 2012, or CSA) because they would put a "vast regulatory structure" in place. Those private business owners would then shoulder the brunt of that structure's costs.
On the other hand, the national security types choose security over avoiding regulation. Especially, as Stewart Baker put it, "When you've had responsibility and had to live with the possibility that tomorrow you'll wake up and on your watch something very bad has happened, you have a different view about the importance of being able to do something about it."
The article went on to question whether a profit-driven entity is up to the challenge of voluntarily spending enough to ensure proper cybersecurity. I, for one, doubt it. I don't know if that means they should be mandated to spend it, however.
There's more to the NPR article, you can find it here.
Leave a Reply