by Amy Payne
November 14, 2012
from TheFoundry Website



  • Do you trust the federal government to keep your personal data safe?

  • What about your businessís records and trade secrets?

If you answered ďno,Ē you have good reason - the federal government has had 13 breaches and failures of its own cybersecurity just in the last six months.


Yet the President and his allies in the Senate are pushing forward to regulate Americaís cyber-doings, without any clues about how much this will cost us or how it will work.


Itís become the norm with this President - if Congress fails to accomplish his objectives, he goes around it with executive orders and federal regulations. Heís doing it again.


Congress did not pass the Cybersecurity Act of 2012 before the election, so the President has issued a draft of an executive order to put much of that legislation in place without lawmakers voting.


Not to be left behind, though, Senate Majority Leader Harry Reid (D-NV) may try to get another vote on the bill before the end of the year - some are saying as soon as this week.


If the idea of cybersecurity - trying to secure all of the countryís sensitive computer networks and data - sounds abstract, thatís because it is. Itís so abstract, in fact, that the legislation and executive order our leaders are pushing offer few details about what they would actually do, other than piling more confusing regulations onto businesses.


When you think about it, the idea of the federal government trying to be on the cutting edge of technological security is pretty laughable.


As Heritageís David Inserra notes:

Simply put, government regulations usually take 24-36 month to complete, but the power of computers doubles every 18-24 months. This means that any standards developed will be written for threats that are two or three computer generations old.

A federal government that stays hopelessly behind the curve and canít even secure its own networks doesnít exactly inspire confidence.


But oh, it can regulate!


The Presidentís executive order would give multiple federal agencies new power to regulate businesses. It would work much like Obamacare, which passed with few details but gave agencies like Health and Human Services a blank check to write regulations.


One of the incentives it may use to keep businesses in line is favoritism in awarding federal contracts - businesses that met the governmentís cybersecurity standards could be moved to the head of the line.


Heritage visiting fellow Paul Rosenzweig will explain in a new Issue Brief due out tomorrow that,

ďthis order will likely be very significant and very costly while not providing important cybersecurity solutions, such as effective information sharing.Ē


  • How much will it cost businesses to comply with all these new (yet perpetually outdated) regulations? We donít know.

  • Will the standards be voluntary or mandatory? Also unknown.

  • Can companies share information about cyber-threats they have detected, with confidence that their sensitive information will be protected? No guarantees.


With so many unanswered questions, the executive order - or the legislation - would create massive headaches for businesses and could hinder innovation. Just what the economy needs.



Additional Information











President Obama Signs...

Secret Directive' on Cybersecurity

by Mike Masnick
November 14, 2012

from TechDirt Website




From the "it's-so-secure-it's-secret" department...


While we're hearing that the Senate is likely to take up (though not pass) the Cybersecurity Act yet again either today or tomorrow, and the White House is still sitting on a cybersecurity "executive order," in the meantime it's being reported that President Obama has signed a "secret directive" to allow the military to "act more aggressively to thwart cyberattacks."


This is limited to the military, but that means we're talking about the NSA (which is a part of the Defense Department). Considering that it seems to view a stronger offensive effort (i.e., collecting all data) a key part of a strong "defense," this is worrisome.

The really troubling part in all of this is the really unnecessary level of secrecy. We keep being told scary bogeyman stories about online attacks without any evidence or proof.


And now the President is signing a "secret" order allowing the military to do more in response? Without any real scrutiny, it's not difficult to see how these things expand unceasingly and are wide open for abuse.


Given the NSA's track record here, it's inevitable that these efforts will be massively abused.