Editor’s Note: For more information on the need for federal cyber security regulations, in whatever guise, to be cost effective, see Cost-Effectiveness: The Prerequisite for Cybersecurity Regulation.
From: Slate
Is there any part of the U.S. government that is not looking to ramp up its involvement in cybersecurity issues? The latest organization to join the likes of the Department of Defense, Department of Homeland Security, Department of Treasury, Federal Trade Commission, and National Institute of Standards and Technology in the quest to secure cyberspace is the Federal Communications Commission, whose chairman, Tom Wheeler, gave a speech at the American Enterprise Institute on June 12 outlining the need for a “new paradigm for cyber readiness.” There’s a cybersecurity turf war in the making for government departments and agencies, but no one seems to be offering concrete actions, steps, or plans for addressing these issues.
Take the FCC’s “new paradigm”—a “private sector–led effort” that Wheeler said “must be more dynamic than traditional regulation and more measurably effective than blindly trusting the market or voluntary best practices.” He added that it “must be real and meaningful. It has to work.” In other words: It has to be better than what we have now. Now, Wheeler’s not wrong—addressing cybersecurity will require more dynamic defense and a better grasp of security metrics and measurement than we currently have—but so far there are no specifics, no direction, no clear vision for how he, or anyone else in the U.S. government, is planning to achieve those goals. And that’s a pity, because he, and the FCC and the other government actors interested in helping industry protect against cybersecurity threats, are actually in a position to add some pretty vital pieces to this puzzle. But those pieces have nothing to do with abstract concepts of paradigms and frameworks—they have to do with facts and data.
Leave a Reply