A bill by Jay Rockefeller (D-WV) and co-sponsored by Olympia Snowe (R-ME) called the Cybersecurity Act of 2009 (yes, I know, but remember the Senate is, well, a bit slow) just dropped out of committee and may see floor action soon.*
It’s an interesting piece of work, and only 50 pages, so I’m actually going to read it in toto and comment on some of the more controversial aspects. (Teaser: it has a Presidential Internet Kill Switch!) Update: Sigh, there’s no kill switch any more.
In support, Rockefeller and Snowe put out a typically alarmist Op-Ed in the WSJ (sorry, lameo paywall) threatening that We Are Not Prepared. Their main point, though, is sound:
President Barack Obama is right to call cyberspace a “strategic national asset.” The challenge is that 85% of these assets are owned by private companies and individuals. The government cannot protect cyberspace alone–and neither can the private sector. Therefore, we need proactive collaboration.
They also suggest that cybersecurity principles should be as well-known as Smokey the Bear’s injunctions. I’m not sure that it can be summed up so pithily, but any public education is good, I suppose.
A concern: they call for
…a market-driven process that encourages businesses to adopt good cybersecurity practices and innovate other ways to protect our security.
I’m not sure how this would be different than what we have already, which does. not. work. There simply aren’t incentives for companies to put computer security first and foremost either in coding software or in protecting sensitive data.
Strong legal liability for vulnerable software would be a better step. If your car bursts into flame predictably – or accelerates unpredictably – you can be on the hook for big fines. If you’re Microsoft, well, you promise to do better next time. Nail them in the stock price and the problem will get fixed.
* Of course, we must keep in mind that the Senate might be eliminated due to budget cutbacks.