Thank you for stopping by for a visit. You are invited to read and comment on anything posted on this blog. I advocate the maximum amount of Personal and Economic Liberty, consistent with the defense of individual rights. I am fiscally conservative yet socially tolerant, I favor lower taxes, free trade, individual rights, strong national defense and limited government. I subscribe to the Freedom Fighters Creed: I am an American Patriot, defender of the Constitution, First Principles and Essential Liberty.

I believe that buried deep down inside every Conservative you'll find a Libertarian - And Inside Every Liberal Is A Totalitarian Screaming To Get Out.

"One of the penalties of refusing to participate in politics is that you end up being governed by your inferiors" - Plato

FYI any crude or vulgar comments will be removed from the blog.

Friday, September 14, 2012

Congress Should Not Enable Executive Orders on Cybersecurity

The discussion over improving U.S. cybersecurity has moved from a debate over different pieces of legislation to speculation and expectation that President Obama will issue an executive order. Congress repeatedly declined to adopt a regulatory approach to cybersecurity, yet the Administration has drafted an executive order that begins the development of a regulatory system.
There is language in the pending continuing resolution (H. J. Res. 117) that appropriates funds that might be used to fund implementation of the cybersecurity executive order. This is a case of stealth government. Congress should be careful not to provide a blank check for an executive order that has not been published yet and could implement measures that Congress refused to put into law. That is the wrong approach to deciding Washington’s appropriate role in strengthening the nation’s cybersecurity.
A Regulatory Approach Is Wrong for Cybersecurity
Over the past year, the House of Representatives chose not to adopt a regulatory approach to cybersecurity, and the Senate was unable to pass its regulatory bill, the Cybersecurity Act of 2102. Many lawmakers in the House and the Senate simply do not believe regulations make much sense in cybersecurity, and they are exactly right. However, President Obama has a history of ignoring the views of legislators and imposing his will through executive order.
In cybersecurity, regulations have several critical drawbacks. One is that regulations will likely harm innovation. If the government says that companies need to have specific security measures, then cybersecurity investors and innovators will focus their work on the regulation-approved approaches—to the detriment of possibly better approaches that are not approved by the regulations.
In addition, regulations are simply too slow and too static to keep up in the cyber realm. The average time it takes to write a major regulation is 24–36 months. Computing capacity and power, on the other hand, double every 18–24 months. If the writing of regulations began now, they would be focused on today’s threats. In 24–36 months, when the regulations came out, computing capacity will have doubled or tripled, with a whole new array of dangerous threats.
Finally, regulations encourage compliance at the cost of real security. In many government programs, the regulated parties often do whatever is needed to check the boxes but perhaps little more. Any solution to cybersecurity should be nimble and adaptive, not a mere to-do list for fighting yesterday’s threats. CONTINUE READING

No comments: