How to Build Effective Cyber Defenses
Top Obama administration officials have been pressing the U.S. Congress hard for legislation to improve network security for the computer systems that run the nation’s critical infrastructure. The House passed the Cyber Intelligence Sharing and Protection Act (CISPA), while the White House supported the 211-page Cybersecurity Act, which failed to get a vote in the Senate before legislators went on recess. Citizens now have the summer to ask some important questions before supporting any such legislative effort.The big question, of course, is what problem are we trying to solve?
Administration officials justify cybersecurity legislation by coining words like “cybergeddon” and telling tales of terrorists shutting off the nation’s electricity or causing dams to malfunction, flooding our communities.
Although I’m skeptical, these are serious issues that suggest particular solutions. The problem is that there are other online problems – like economic espionage or copyright infringement – that are getting lumped into omnibus cybersecurity legislation. These are very different issues that arise for different reasons, and justify different solutions. Improving critical infrastructure security will be both politically easier and more effective if we focus on that particular problem. It also decreases the risk that we will stifle innovation or invade privacy for insufficient reasons.