In doing research for an upcoming book on defending cyberspace, I have had the opportunity to dive into the world of Cybersecurity legislation and better understand what we have, why existing laws are not getting the job done, and most importantly what we can do to improve the quality and efficiency of the laws we pass moving forward.
The good news is that this year alone we have seen over 50 pieces of Cybersecurity legislation proposed to Congress (although I’m not sure when they are finding time to act on them given all the partisan bickering that has been going on… but that’s for the Washington Post to talk about). This sharp uptick shows that, at long last, even politicians are starting to realize the importance of Cybersecurity and are making it part of their agenda.
While this trend is promising, the reality is that existing laws are for the most part ineffective in actually preventing, combating or prosecuting cybercrime. Among the reasons why:
1. Lawmakers are having trouble keeping up with the pace of technology
2. Legislative lifecycles and the speed at which technology is being adopted mean that laws are often outdated as soon as they are passed
3. State and sector-specific laws create a compliance nightmare for solution providers and use up limited resources
4. No general consensus on who is accountable for data breaches in the Cloud
While these challenges are broad and difficult, they are not impossible to overcome. To start with, it is imperative that legislators tap into highly qualified and forward-thinking Cybersecurity experts from industry, government and academia to fundamentally change the way in which laws are written and how they govern. The book will make some recommendations which I don’t want to give away just yet, but they involve changing the jurisdiction of laws, moving the focus of the laws away from the technology, and providing incentives for collaboration.
What are YOUR thoughts on why Cybersecurity legislation is not effective and how we can change that?