The federal government has had 13 breaches and failures of its own cybersecurity just in the last six months.
Yet the President and his allies in the Senate are pushing forward to regulate America’s cyber-doings, without any clues about how much this will cost us or how it will work.
It’s become the norm with this President—if Congress fails to accomplish his objectives, he goes around it with executive orders and federal regulations. He’s doing it again. Congress did not pass the Cybersecurity Act of 2012 before the election, so the President has issued a draft of an executive order to put much of that legislation in place without lawmakers voting.
Not to be left behind, though, Senate Majority Leader Harry Reid (D-NV) may try to get another vote on the bill before the end of the year—some are saying as soon as this week.
If the idea of cybersecurity—trying to secure all of the country’s sensitive computer networks and data—sounds abstract, that’s because it is. It’s so abstract, in fact, that the legislation and executive order our leaders are pushing offer few details about what they would actually do, other than piling more confusing regulations onto businesses.
When you think about it, the idea of the federal government trying to be on the cutting edge of technological security is pretty laughable. As Heritage’s David Inserra notes:
Simply put, government regulations usually take 24–36 months to complete, but the power of computers doubles every 18–24 months. This means that any standards developed will be written for threats that are two or three computer generations old.
A federal government that stays hopelessly behind the curve and can’t even secure its own networks doesn’t exactly inspire confidence. But oh, it can regulate!
The President’s executive order would give multiple federal agencies new power to regulate businesses. It would work much like Obamacare, which passed with few details but gave agencies like Health and Human Services a blank check to write regulations. One of the incentives it may use to keep businesses in line is favoritism in awarding federal contracts—businesses that met the government’s cybersecurity standards could be moved to the head of the line.
Heritage visiting fellow Paul Rosenzweig will explain in a new Issue Brief due out tomorrow that “this order will likely be very significant and very costly while not providing important cybersecurity solutions, such as effective information sharing.”
How much will it cost businesses to comply with all these new (yet perpetually outdated) regulations?
We don’t know.
Will the standards be voluntary or mandatory?
Can companies share information about cyber-threats they have detected, with confidence that their sensitive information will be protected?
With so many unanswered questions, the executive order—or the legislation—would create massive headaches for businesses and could hinder innovation. Just what the economy needs.