Rethinking the Cybersecurity Equation

By: Stephen Recca, M.A., CTU Program Director for Homeland Security

Cyber SecurityLegislative attempts to gain a measure of control over the burgeoning issue of cybersecurity are causing considerable angst among policymakers, special interest groups, the media, and experts of every stripe.

With a focus on the furthest-along of various bills, the House-passed Cyber Intelligence Sharing and Protection Act, the cybersecurity debate centers around claims ranging from “The bills are too lenient on privacy.” to “The bills are too severe.” and “They place an undue burden on industry.” to “They don’t place enough responsibility with industry.”

Amid the debates, nothing is accomplished.

Legislation Premature
The reality is, it is premature to even attempt to legislate cybersecurity at this stage. We have neglected the first and essential part of the equation: developing a coherent policy framework that reflects the nuances of this fast-moving field. Once that is accomplished, then it will be time for legislators to introduce the regulatory and legal structure to govern it.

Policy should not be developed unilaterally. It requires a broad synchronization of thinking by the best minds in government, industry, and academia. A critical starting point is achieving some modicum of balance between privacy and security.

And that is where we continue to stumble.

Balancing Risk
In finding that balance, an issue lies in how we assess risk and how much risk we’re willing to assume. And this is a politically charged issue for any administration; much less in the currently-polarized Washington environment. No president wants to say, “You, John Q. Public, and you, Big Business, must both assume some level of risk in all this.”

It is impossible to protect against every sort of cyber-attack. Like it or not, we must all assume some level of risk to ensure we continue our American way of life. In business, some tolerance for risk is assumed. However, in the public sector, there is less tolerance. This resistance to risk causes our legislative efforts to fall short.

What’s Next
We need to take a hard look at our cybersecurity policy and ensure those that that frame it are the best minds private and public sectors can bring to the table. Those leaders need to identify the particular cybersecurity issues that can and cannot be solved legislatively. Further, the balance between privacy and security must be determined from the basis of a realistic evaluation of the risk scenario.

The cyber realm is a fast-moving field. Policymakers don’t really seem to understand it. Security experts are more attuned to its nuances. What’s missing is thoughtful leadership in cybersecurity policy – those knowledgeable in technical, strategic and political aspects across the government and the private sectors. America needs to be thoughtful about the inclusive process by which we develop and adjust our cybersecurity policy; and arm it legislatively in a way that demonstrates a national approach in balancing security and privacy. As the global leader in information sciences, the United States is responsible for establishing the standard with our next actions.

Explore legislative action involving cybersecurity, or read the open letter to Congress drafted by CTU’s University Dean of Homeland Security, Bob Lally, with fellow leaders.

Learn more about Steve Recca, Program Director for Homeland Security at Colorado Technical University and follow his tweets @CTUHomeland.

Image credit 


Terms and Conditions

By providing your mobile number, you agree to receive text messages from Colorado Tech via its mobile text message provider.  You may opt out of receiving messages by texting the word STOP to 94576, or simply reply with the word STOP to any text message you receive from Colorado Tech.

While CEC or its mobile text message provider will not charge end users for receiving/responding to promotional messages, depending on the terms of your mobile phone plan, you may incur a cost from your mobile service carrier to receive and respond to any promotional text messages (standard messaging and data rates/fees and other charges may apply).  Charges will appear on your mobile phone bill or will be deducted from pre-paid amounts.  Current participating/supported carriers are: Alltel, AT&T, Boost, Cellcom, Cellular One, Cellular South, Cincinnati Bell, Cricket, Element Wireless, Golden State Cellular, iWireless, Metro PCS, Nextel, nTelos, Plateau Wireless, Sprint, T-Mobile, US Cellular, Verizon Wireless, Viaero Wireless, Virgin, and more.

×