Home / Blogs

Creating a National Cybersecurity Framework: Need For New Regulation?

The Congressional Research Service (CRS) recently released a major new study examining cybersecurity. The report, "Creating a National Framework for Cybersecurity: An Analysis of Issues and Options" discusses a variety of significant public and private cybersecurity concerns.

The CRS analysis lists several broad options for addressing cybersecurity weaknesses ranging from adopting standards and certification to promulgating best practices and guidelines and use of audits among other measures. However, the most crucial observation in the report is that none of the enumerated options "are likely to be widely adopted in the absence of sufficient economic incentives for cybersecurity."

The report goes on to explain that many "observers believe that cyberspace has too many properties of a commons for market forces alone to provide..." the needed economic incentives. Also noted in the report is that current laws, regulations and public-private partnerships "appear to be much narrower in scope than the policies called for in the National Strategy to Secure Cyberspace..." and related documents.

The CRS report discusses a variety of Congressional options for potentially improving cybersecurity including: use of product liability actions; development of cybersecurity insurance; and encouraging widespread adoption cybersecurity standards and best practices as well as "procurement leveraging by the federal government..." The report also notes that it will be updated in response to significant cybersecurity developments.

Thus, the CRS report places two key challenges before the public and private sectors: 1) determining whether there really are insufficient economic incentives for sufficiently strengthening cybersecurity; and 2) if there are insufficient incentives, determining how to craft the most efficient and effective measures for achieving needed cybersecurity improvements.

It is important that all stakeholders, including the government, take the measures needed to secure cyberspace. It is also important that, in attempting to improve cybersecurity, the government not create more problems than it solves. 

By Bruce Levinson, SVP, Regulatory Intervention - Center for Regulatory Effectiveness
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

To post comments, please login or create an account.

Related

Topics

IP Addressing

Sponsored byAvenue4 LLC

DNS Security

Sponsored byAfilias

Domain Names

Sponsored byVerisign

Whois

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byAfilias