The Public Eye with Eric Chabrow

Regulating Cyberspace

Can the nation's IT system, especially the mostly privately owned critical infrastructure, be secured without a heavy dose of federal regulation? It's a great question that needs to be further explored.

Speaking at a forum last week sponsored by Georgetown University's Institute for Law and Politics and the Lawrence Livermore National Laboratory, James Lewis, a senior fellow at the Center for Strategic and International Studies, said:

"We're in a dilemma because we have a very powerful lobbying machine with the idea that government should not regulate, should not intervene and should remain small. Even in national security, that has traction."

Indeed, many of the IT security experts from the IT industry I've spoken with contend that government and the private sector should consort with one another to develop best practices to secure critical IT systems, but feel regulation is overkill. Typical was the conversation I had with Stanton Sloane, CEO of SRA International, an IT integrator that specializes in government work. Here's what Sloane said:

"All of the U.S. wants to make sure that government is as limited as it needs to be. That said, some of these things can only be addressed through the resources of federal government because of the breadth of the problem, the nature of the problem, the technology of the problem; it's not something that any individual company can address. It requires a collaborative effort."

Still, Sloane sees some sort of federal regulation of cyberspace as inevitable, lamenting:

"Probably, what will happen is that it will get to the point where there will be a call for government involvement. There will be some crisis or some disaster, something will shut down the electrical grid for a couple of days or something that will trigger a response; that's certainly feasible. The current environment seems to be more government regulation on things than less."

The IT advisory service Gartner sees that catastrophe happening, in the form of the exponential increase in IT security breaches over the past few years. It's only a matter of time - 2015, Gartner predicts - before the IT industry is regulated. Here's why, according to Gartner fellow and vice president Richard Hunter, in another summertime conversation I had:

"There's a trajectory that industries tend to follow; when an industry is extremely successful - that is to say that when an industry succeeds in moving its products and services right into the heart of daily life - regulation tends to follow."

It happened to other industries, and it will happen to IT.

Yet, the debate how best to get the private sector needs to be bumped up a notch or two sooner rather than later. As former CIA director Michael Hayden said at the Georgetown panel discussion, the United States will remain susceptible to mounting cybersecurity dangers caused by a "national allergy" toward discussing Internet risks and regulations. Hayden characterized talking about cybersecurity in American political culture as akin to children chatting about sex with their parents, adding:

"Everyone is uncomfortable with the conversation."

Get ready for some discomfort.



About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



