[Infowarrior] - House OpEd: Feds not best guard of cyberspace

Mon Mar 7 08:58:12 CST 2011

Feds not best guard of cyberspace
By: Rep. Bob Goodlatte
March 7, 2011 04:31 AM EST
http://dyn.politico.com/printstory.cfm?uuid=8D156113-A590-D967-37B04D71AAF221A6

More than 90 percent of the nation’s critical information infrastructure is operated by the private sector. Protecting cyberspace, however, is not just about securing our nation’s critical information infrastructure, but promoting economic security. 

The online and physical worlds have become so intertwined that vulnerabilities in the information infrastructure now pose real risks to physical establishments and individuals. One can easily envision a situation in which a hacker could electronically break into a critical infrastructure and cause the failure of a physical establishment — such as a hospital — which would result in serious injury or death. 

In 2004, worldwide economic damage from digital attacks was between $46 billion and $56 billion, according to a Congressional Research Service estimate. In 2009, the White House released the “Cyberspace Policy Review,” that estimated 2008 losses from data theft to be as high as $1 trillion. 

These numbers represent a good reason for the private sector to take cybersecurity seriously. The security of the American people is of paramount importance. 

While the government has a crucial role to play, any policy to improve private-sector cybersecurity should not be overly burdensome and counterproductive to economic prosperity. Regulatory mandates are not only unlikely to lead to private-sector cybersecurity improvements, they would likely hinder economic growth. 

The regulatory process is time-consuming and does not move at the speed of the online world. Online capabilities and capacities change rapidly — so rapidly, that any regulations for cybersecurity would probably be obsolete by the time they could be enacted, if not before. 

In addition, imposing a regulatory scheme that increases costs for United States companies would put them at a competitive disadvantage to their foreign counterparts. 

Similarly, any government effort to take control of the Internet through a “kill switch” should be strongly resisted. Such a drastic measure has the ability to fundamentally alter the way the Internet functions and the way online business is transacted. 

Congress should be looking for ways to encourage the private sector to do more to protect its infrastructure from cyberattacks. One way would be to provide limited liability protection to companies that take steps to improve their cybersecurity capabilities.

After Sept. 11, terrorism insurance was virtually nonexistent, even as the nation needed anti-terrorism products and services more than ever. The lack of insurance was a hindrance for many companies. 

Congress responded with the Support Anti-Terrorism by Fostering Effective Technologies Act, which provides liability protection for manufacturers whose products and services are used in combating terrorism. 

Providing civil-liability safe harbors to companies that demonstrate compliance with cybersecurity best practices would encourage the private sector to adopt effective measures. 

An additional security component of cyber space is public engagement. When companies understand and appreciate the potential losses that can occur through a cyberintrusion, it becomes in their best economic interest to improve their cybersecurity capabilities. 

Corporate entities should be encouraged to share experiences and best practices to help identify vulnerabilities and solutions. The government should be a partner in this. 

Congress should also look at the criminal code to ensure that cybercrime laws are up to date and can deal with the evolving threats posed by hackers and other cybercriminals. Our nation’s law enforcement agencies should have the necessary tools to investigate, apprehend and prosecute cybercriminals. The nature and manner of cyber crime is continuously evolving — and we must ensure that our laws address the realities of this changing threat. 

Finally, because unsecure individual computers can be used to launch attacks against others, it is important for the government to convey to citizens how important they are to our nation’s cybersecurity efforts. 

Computer users need to realize just how vital it is for individual Americans to take their cybersecurity seriously, not just as a matter of personal safety — but for our country’s security. By implementing relatively simple measures, they are not only protecting themselves and their families, they are contributing to our national efforts to secure critical infrastructures, such as telecommunications, energy, manufacturing, water, health care, transportation and emergency and financial services. 

Rep. Bob Goodlatte (R-Va.) is chairman of the House Judiciary Subcommittee on Intellectual Property, Competition and the Internet.