New cybersecurity legislation in the pipelineMonday, September 5, 2011 at 10:36 am by Farid Zakaria
Computer and cyber attacks are on the rise. Just three months ago, a breach at Citigroup, which has the largest financial services network in the world, exposed the financial data of more than 360,000 customers. Computer and cyber attacks are not limited to personal and financial data; their many uses include the theft of corporate intellectual property, military espionage, or even cyberterrorism and cyber warfare. Attacks on the networks controlling essential services such as power could have catastrophic consequences. Consequently, the Pentagon is reported to be considering a new policy that would deem cyberattacks originating from foreign nations to be acts of war that may result in a military response.
As the world continues to become more computerized and interconnected, these issues will only grow in importance. Unsurprisingly, both the government and the private sector are expending considerable resources to protect their computer networks in the face of mounting threats.
A white paper co-authored by the Center for Democracy and Technology and published earlier this year considers the ways in which our nation’s cybersecurity can be improved. The paper argues that the government should continue to work closely with the private sector on this matter. The public-private partnership model is preferable to more government-directed models because the former has significant privacy and civil liberties advantages. First, it leaves monitoring responsibilities for private networks rather than with government agencies. Second, it promotes transparency. Third, it allows “for robust coordination and information sharing between the government and private sector network operators within carefully defined limits, which comports with both legal and constitutional obligations.”
In May of this year, the White House unveiled its legislative proposal for cybersecurity. As Congress considers President Obama’s proposal and passes new cybersecurity legislation, it should examine the findings of the white paper and implement its recommendations.