If There's A National Cybersecurity Policy, What Should It Cover?

from the if-anything... dept

A bunch of folks have been sending in the various news stories about a new report recommending to the incoming presidential administration a set up a national cybersecurity policy, which is the sort of broad pronouncement that many people would instinctively agree with. However, it's not really clear what this covers. The report covers both government and private companies' computer networks, as if the issues and challenges facing each should be covered under a single plan. There's also talk of some new kind of warrant called "data warrants" rather than search warrants. Obviously, protecting internet infrastructure from foreign attacks is a good thing, but there's a lot here that seems like a grab for power -- and the ability to more closely gather and monitor data.

The fact that government networks and security of government computers is a mess is one issue, but it shouldn't be mixed in with private companies protecting their own data. The two issues should be tackled separately. If the government needs to fix its own computer network and security policies, that seems like a reasonable job for the national CIO that Obama has indicated is a part of his plan, rather than a separate cybersecurity policy.

Filed Under: cybersecurity, national policy

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Xiera, 9 Dec 2008 @ 4:14pm

    What it should cover

    I think there are two things to consider here:

    1) National security - there are already standards in place to protect classified government information and these clearly apply to electronic data as well. Persons or organisations with access to the classified information must have the necessary clearance and a need to know. It is then their responsibility to safeguard the information. This isn't so much a technology issue -- though technology such as data encryption should obviously be used -- as much as it's a social issue. Because the existing system is based on trust (and background checks), the answer, it would seem, is harsher punishment for breaking these laws. Granted, it doesn't do much in the way of prevention, but some things (particularly social things) cannot be solved with technology.

    2) Personal security - the only other area of concern, as far as I can tell, is safeguarding personal information. This includes credit card information, social security numbers, etc. While any and all services that require this kind of information should take every measure possible to protect it, the protection provided is not always sufficient. If the government is going to impose IT laws, it should be the information security aspect that is the central theme. Personal information of any kind should be treated like classified information with suggestions and guidelines to follow to secure the information and harsh penalties for not following the regulations.

    Imposing legislation on any matter other than national or personal security is wrong and a violation of the greatest right in America: choice. Persons and organisations should maintain the right of choice in all matters, so long as their choices do not negatively impact the security of others.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Report this ad  |  Hide Techdirt ads
Recent Stories
Report this ad  |  Hide Techdirt ads


Email This

This feature is only available to registered users. Register or sign in to use it.