Earlier this week (January 13, 2015), President
Obama unveiled a slew of proposed cybersecurity-related initiatives, ranging
from updated cyber-information sharing legislation to empowering and re-tooling
law enforcement to battle cyber-crime; from new data breach reporting
requirements to a February 2015 White House Summit on protecting
consumers online.
These are all laudable initiatives, indeed,
necessary initiatives (although, in light of countless Snowden-unveiled tidbits
over the last couple of years, I have my worries about overly-broadly better-empowering
law enforcement which, in cahoots with U.S. intelligence agencies, seems to
have demonstrated a frighteningly consistent pattern of abuse of such power).
But, to some extent, these proposed initiatives
all miss the broader and more critical point: Cyberspace is global, borderless. And, so too, is cyber-malice. Thus, until and
unless the Administration devotes similar – indeed, more forceful - attention to identifying
and agreeing globally-applicable disciplines, domestic remedies such as
proposed may be challenged to succeed, at least in the grand cyber-scale of
things.
Yes, the proposed information sharing legislation
would enable the public and private sector to better exchange information about
and better analyze, understand and effectively address cyber threats, as well
as better safeguard Americans’ personal privacy through the institution of
stricter requirements for private companies that collect or use personal data.
Yes, modernizing the legal ecosystem to allow
for the prosecution of the sale of things like spyware used to stalk or commit
ID theft, as well as the criminalization of the overseas sale of stolen U.S
credit card and bank account numbers, and the granting of authority to courts to
shut down botnets engaged in DDOS attacks and other criminal activity, are all
good and necessary things.
Yes, simplifying
and standardizing existing State laws that require businesses to notify
consumers of data breaches and corralling them into one Federal statute should indeed
serve to both better incent businesses to upgrade their cybersecurity and,
thus, better stem the tide of identity theft, financial compromise, etc.
And, yes, the
proposed February 13 “White House Summit on Cybersecurity and Consumer
Protection” at Stanford - which will include Administration leaders, CEOs from a
range of industries, law enforcement representatives, consumer advocates and
technical experts – cannot help but contribute constructively to better educating
and protecting American consumers and companies.
These
initiatives all seem to acknowledge the need to restore consumer and corporate
trust in the networks that power our digital lives and livelihoods, as well as the
integrity of the data that funnels through or resides in such networks. This is a good thing (notwithstanding that
the initiatives seem to utterly ignore widespread concerns related to U.S. Government
domestic surveillance, espionage, etc.).
While a “fortress
America” approach to cybersecurity might be a welcome panacea for the masses, it
is insufficient to deal with more global and more potentially devastating
cyber-threats, whether Government-spawned malware like Stuxnet, massive-scale DDOS
attacks, the theft of billions in intellectual property, or, the big fear, the
disruption or destruction of critical infrastructure.
Pre-Snowden,
the Administration was quite bullish on setting and enforcing global cyber norms
and standards. As Snowden’s Revelations
have wreaked havoc on America’s cyber credibility, the U.S. seems to have hunkered
down, shying away from the lead on global solutions, and, by virtue of that seeming
withdrawal, to some extent actually perpetuating global insecurities and
vulnerabilities.
This week’s
White House announcements were heartening, and, hopefully, will lead to an improved
State of the cyber-Union, as well as some level of restored confidence in the
integrity of networks and data. However,
these initiatives are but domestic pieces of a much bigger global puzzle, the
completion of which should remain of the highest priority to U.S. authorities if the domestic initiatives are to be truly meaningful in the long-term.
No comments:
Post a Comment