On the other hand, a key difference between the previously-proposed legislation and the SECURE IT Act is that the latter does not establish a new regulatory and compliance regime for America’s private sector critical infrastructure. To effectively address cyber security, we need an Internet environment in which 1) innovation flourishes to stay ahead of increasingly sophisticated cyber threats, and 2) the very good technologies and solutions delivered by the market are more broadly utilized.
The regulatory obligations proposed in the original legislation include government-established standards for security. Given the pace of technology change, there is substantial risk that these requirements will lag the threats and impede innovation, while creating significant costs and burdens to critical infrastructure operators and related businesses. Consider, for example, how typical best security practices still have not adjusted to the reality of employees introducing personal smartphones, tablets and social media in the workplace. Such regulation could take industry’s eye off the innovation ball and impede the ability of those who are engaged every day in the effort to detect, prevent, and mitigate cyber risks.
It is imperative that we seize this time in history to embrace an opportunity for government and industry to come together to examine the true risk, solutions, and impediments to a broader adoption of available solutions that will in fact improve our cyber posture. We must engage in a comprehensive national dialogue, including an effective approach to education and awareness that includes all user stakeholders in the citizen, academic, business, and non-profit communities. We need to raise the bar of protection by improving basic cyber hygiene that can mitigate exploitable vulnerabilities.
Further, we need to take affirmative and deliberate action to improve detection, prevention, and mitigation of cyber risk through a joint, integrated public-private operational capability to enhance cyber situational awareness during steady state and times of escalated risk. A National Weather Service-type capability that can produce a common operating view of the cyber domain and deliver timely alerts, along with recommended protective measures, is essential to improving our national and global cyber posture.
The bottom line is that our collective path forward to improve cybersecurity must be collaborative between government and industry, and must support innovation, a crucial driver of jobs and economic growth – not to mention the engine that will continue to deliver solutions to detect, prevent, mitigate, and respond to the growing cyber risk. The American people are counting on us to get this right…so let’s get to it.
Dix is vice president, Government Affairs and Critical Infrastructure Protection at Juniper Networks.