The Obama Administration, DOJ, and Cybersecurity
At a recent government cybersecurity panel, a DOJ official’s response highlighted the continuing challenges facing cybersecurity. When asked by Sen. Sheldon Whitehouse (D – RI) about the adequacy of current cybersecurity laws, DOJ official James Baker (not to be confused with former Sec. State Baker) indicated the answer was no.
An article at PCWorld.com highlights this panel discussion, as well as a telling comment from Larry Clinton, president of the Internet Security Alliance (ISA). Clinton urges that the government not enact laws that regulate private business cybersecurity practices. Instead, his organization (which includes Raytheon, Boeing, Verizon, IBM, and Northrop Grumman as sponsors or full members) insists that market forces be allowed to lead business to the best practices.
In light of the growing attacks on businesses and government agencies, is it wise to wait for the market to serve as a corrective force in cybersecurity? Or, should the government take on a larger role? While some pending legislation is far from perfect, Congressional and Executive responses warrant an enhanced and more expert role, rather than a diminished one. Furthermore, perhaps the ISA’s recommendation hints at an alternative – private firms could shore up the government’s role in protecting our electronic infrastructure.