Issues

Government Authentication
Personal Identity
Federal Standards
Governance
R&D
Resources
Legislation and Policy
Liability
Power Grid
Procurement


Library

o Government Authentication Library
o Personal Identity Library
o Federal Standards Library
o Governance Library
o R&D Library
o Resources Library
o Legislation and Policy Library

CRE Interventions
  Agency Administrative Actions
  Rulemaking
  Litigation

 ICANNfocus Archives

  

Is Regulation the Answer?
A senior member of Congress has suggested may need to consider a variety of measures, including new regulations, to spur the private sector to take cybersecurity more seriously. Although expressing a preference for the industry to take the lead in improving cybersecurity, the Chairman of the House Economic Security, Infrastructure Protection and Cybersecurity Subcommittee stated, "Congress could do it totally by regulation, to impose our judgment on the private sector to do those things that we think must be done."

There are important roles that need to be played by both the public and private sectors in improving cybersecurity. The issue that still needs to be addressed is defining the role of each stakeholder.

It may be easier to state that it could be taken care of "totally by regulation" than to actually enact efficient and effective regulations that would achieve the common goal. Given the rapid developments in both cybersecurity defenses and attacks, it is a bit questionable whether the federal government could ever achieve significantly enhanced cybersecurity through regulation.

The Congressman stated that the "government needs a better handle on the cybersecurity risk, particularly to Internet-powered supervisory control and data acquisition (SCADA) systems that control such critical infrastructure as dams, electricity grids and water and sewer systems."

Wisely, the Chairman noted the problems with pursuing a regulatory approach to cybersecurity by explaining, "My fear is, if we do that, we will stifle the kind of innovation that's available to the private sector to come up with their own fixes." He also stated that "One thing is abundantly clear … that is a government that attempts to everything for everybody and solve every problem will probably do a very poor job at anything. If we at the federal level believe we can answer all questions, we in fact will answer very few very well."

The government cannot answer all or even most of the questions. Instead, they need to ask the right ones and cooperate in – not dictate – the development of responsible answers.

  • See MacWorld news story


    • Copyright © 2005 The Center for Regulatory Effectiveness.
    All rights reserved.