Slow Down, Homeland Security: Does Everyone Really Agree That We Need Cybersecurity Legislation Now?
from the why-the-rush,-sparky? dept
So why can't we hit pause and ask for some actual evidence?
Yes, there's a turf war between DHS and the NSA/DoD over who gets to control the purse strings and have more control, but no one seems to be asking for the actual evidence. Instead, they're just trying to push forward as fast as possible. Witness this blog post from Mark Weatherford, Homeland Security's Deputy Undersecretary for Cybersecurity, in which he insists that everyone agrees that we need a cybersecurity law and we need it now:
We must deliver and we must act quickly. It’s time to be bold. The troubling side of spending a week with some of the experts in the cybersecurity world is that when we compare notes on our views of the threat, we all agree that despite the firewalls and layered defenses, we are not always keeping intruders out. We need to continue to sharpen our response tactics and move even faster when an intruder gets inside to limit the damage and protect our information. That requires a fast, unified response between federal agencies and our private partners – which is where Congress can help.I agree that we're not always keeping intruders out -- though I think it should be admitted that we'll never "always" keep intruders out. That's an impossible goal. And I agree that sharing information to build up better defenses could be a good thing. But how do we then take the logical leap that this "requires a fast, unified response" from the government? The operators of these networks already are working hard to keep intruders out and have tremendous incentive to keep improving their defenses. Why do we need regulations to continue that process? That's the part that's never been clearly explained, and it seems like a pretty big gap, which all this talk about the necessary "rush" is designed to paper over.