Slow Down, Homeland Security: Does Everyone Really Agree That We Need Cybersecurity Legislation Now?
from the why-the-rush,-sparky? dept
We've been following the debate over the new cybersecurity bill, while still asking for detailed explanation of why it's needed that is a bit more specific than politicians screaming about airplanes falling out of the sky. To date, no one seems to be able to show any real threat -- other than a bunch of folks in a position to profit from the fear mongering, yelling "trust us! it's bad!" But we've seen this game before, and it's how a lot of money gets wasted, privacy rights are eroded, and nothing is done to deal with any real problem.So why can't we hit pause and ask for some actual evidence?
Yes, there's a turf war between DHS and the NSA/DoD over who gets to control the purse strings and have more control, but no one seems to be asking for the actual evidence. Instead, they're just trying to push forward as fast as possible. Witness this blog post from Mark Weatherford, Homeland Security's Deputy Undersecretary for Cybersecurity, in which he insists that everyone agrees that we need a cybersecurity law and we need it now:
We must deliver and we must act quickly. It’s time to be bold. The troubling side of spending a week with some of the experts in the cybersecurity world is that when we compare notes on our views of the threat, we all agree that despite the firewalls and layered defenses, we are not always keeping intruders out. We need to continue to sharpen our response tactics and move even faster when an intruder gets inside to limit the damage and protect our information. That requires a fast, unified response between federal agencies and our private partners – which is where Congress can help.I agree that we're not always keeping intruders out -- though I think it should be admitted that we'll never "always" keep intruders out. That's an impossible goal. And I agree that sharing information to build up better defenses could be a good thing. But how do we then take the logical leap that this "requires a fast, unified response" from the government? The operators of these networks already are working hard to keep intruders out and have tremendous incentive to keep improving their defenses. Why do we need regulations to continue that process? That's the part that's never been clearly explained, and it seems like a pretty big gap, which all this talk about the necessary "rush" is designed to paper over.
Filed Under: cybersecurity, cyberwar, dhs, dod, evidence, mark weatherford, nsa