When making cybersecurity policy, government mustn’t throw critic...
When making cybersecurity policy, government mustn’t throw critical infrastructures into “one big box with a set of solutions that get applied exactly the same in all contexts,” said Leslie Harris, president of the Center for Democracy & Technology. Decisions…
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
on power grids and water facilities don’t have “free expression and democracy implications” like the Internet does, she told a media briefing Wednesday. Policymakers should avoid assigning cybersecurity a broad definition “that could squeak virtually any aspect of American life into the mix,” she said. CDT is engaged in the cybersecurity debate at the White House and on Capitol Hill. A White House report on its 60-day review of the federal cybersecurity is due Friday, while Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va., and Sen. Olympia Snowe, R-Maine, have floated a bill in Congress on the topic. Harris expects more cybersecurity bills to show up soon because “at least” eight subcommittees can claim jurisdiction over the issue. CDT plans to assess the White House report based on how it addresses transparency, what entity it picks to lead the cybersecurity effort and what market incentives it establishes for information sharing between government and industry, said Senior Counsel Greg Nojeim. “Transparency builds trust” with businesses and the public, who want to know how their privacy and security will be affected, he said. So far, the Obama administration review team “gets high grades” because they have reached out to all interested parties, Nojeim said. The White House shouldn’t make the National Security Agency the leader of the cybersecurity effort, CDT officials said. The NSA “is not designed or inclined … to protect civil liberties,” said Harris. Worse, the NSA has conflicting interests, Nojeim said. “Say you're the NSA and you discover a vulnerability in a system used by a foreign government and you exploit it. Will the NSA be disclosing information about that vulnerability in order to protect U.S. systems against similar intrusions by foreign governments?” A better choice might be the Homeland Security Department, which was “statutorily charged with protecting critical infrastructure,” he said. DHS has faced problems with funding and leadership, but “that should change with a change in administrations,” he said. In making new cybersecurity policy, the White House doesn’t need to abandon all efforts of the Bush administration, Nojeim said. “Just because something hasn’t worked to date is not a reason to end its activity,” he said. “What they need to do is figure out how to fix problems that weren’t fixed in the last administration.”