Cybersecurity Legislation Should Force U.S. Government to Listen Less and Speak More

By Jason Healey – To defend itself from the onslaughts of online crime and espionage backed by China and other nations, America’s private sector needs the capabilities of the US government. These tax-paying companies are on the new front lines of the cyber conflict, in which private enterprise is facing nation-state funded threats. Given their role in maintaining America’s critical infrastructure, these companies are not getting what they need. Now, new legislation puts too much stress on their responsibilities to talk to government. There is even talk of forcing cyber monitoring by the National Security Agency upon them.

The Internet is an open network and any adversary that uses novel malicious software knows it will eventually be discovered.  So by sending their attacks over the Internet, the bad guys have themselves already made their signatures public. Accordingly, NSA has plausible cover for declassification even if they relied on a sensitive collection source. more> http://is.gd/EwePGO

Related articles

• Cybersecurity and False Hope ↓
• Dangerously Vague Cybersecurity Legislation Threatens Civil Liberties ↑
• McCain, GOP Leaders Intro Cybersecurity Bill Alternative (theneteconomy.wordpress.com)
• U.S. Cybersecurity Debate Risks Leaving Critical Infrastructure in the Dark (theneteconomy.wordpress.com)
• White House, NSA weigh cybersecurity, personal privacy (theneteconomy.wordpress.com)
• Senators sharply divided over bill to regulate cybersecurity (theneteconomy.wordpress.com)

U.S. Cybersecurity Debate Risks Leaving Critical Infrastructure in the Dark

By Sean Lawson – I have noted previously that hypothetical, cyber-doom scenarios have become a staple of efforts to motivate a policy response to cyber threats. These scenarios often involve hypothetical cyber attacks upon critical infrastructure leading to mass casualties and widespread disruption of daily life. I have argued that such scenarios are not only unrealistic but that the war/disaster framing and the fear it instills encourages militarized policy responses. Thus, the most significant policy response we have seen today has been the creation of a military command, USCYBERCOM.

Then, there is a clear disconnect between the rhetoric used to motivate a policy response and actual diagnoses of the problem. In a previous post, I demonstrated that key cybersecurity policy documents and statements from top policy makers have consistently diagnosed cyber threats primarily in terms of theft of intellectual property and decreased economic competitiveness. more> http://is.gd/ZFXhJu

Related articles

• Cybersecurity: Lots of Answers, Now Let’s Ask the Right Questions ↓
• Senators sharply divided over bill to regulate cybersecurity ↑
• US cybersecurity efforts trigger privacy concerns (sfgate.com)
• Legislation to Address the Growing Danger of Cyber-Threats (whitehouse.gov)
• EU to stengthen its cybersecurity watchdog, Jennifer Baker, IDG News Service/Network World