Is FEMA The Best Group To Model A Cybersecurity Agency After?
from the proactivity dept
There's been a lot of talk about the cybersecurity policy actions the Obama administration will undertake, with few clear ideas on exactly what such a policy should entail, or what powers the much-discussed cybersecurity "czar" should have. One of the supposed leading candidates for the czarship says that what the country really needs is "a FEMA for the internet" that can coordinate responses to electronic attacks and problems. The wisdom of invoking the idea of another FEMA doesn't seem too wise, given the agency's rather tarnished reputation following its ham-fisted response to Hurricane Katrina and other disasters, but leaving that aside, there may be deeper issues. FEMA's role is largely preparedness for and reaction to natural disasters; shouldn't a cybersecurity agency be focused more on prevention than reaction? The idea of something like FEMA makes sense in the context of natural disasters and emergencies, since they are largely unpreventable and inevitable. But isn't cybersecurity an area in which prevention of disasters and attacks is arguably more important?