Technology has left governments behind. You only have to look at the laws that exist today for cyber crimes to see that. There are very few; most of them only affect cyber security issues in regards to health and financial information.
Many people feel there should be more regulations, with many of them arguing the few regulations that do exist don’t go far enough to protect businesses, organizations, or individuals. To make matters worse, this all depends on whether or not the offender can be caught, identified, and successfully prosecuted. Others, however, are not so sure the government should stick its nose in.
The Debate Over Cyber Security
Currently, there are few federal cyber security regulations, and only three have been enacted by the United States government. Additionally, debate has raged between the private sector and those proposing various regulations. While many individuals on both sides feel more regulation and laws are necessary, they can’t seem to agree on how or how much to regulate.
The private sector has several concerns when it comes to the addition of more regulation. One of these fears is that it may negatively impact innovation in this area. Others cite financial concerns as well as a belief that more regulation inhibits the flexibility of the private sector to find workable solutions to cyber security issues. They feel any laws or restrictions that go beyond the minimum guidelines will not only affect creativity, but impact profitability.
Proponents of further legislation have stated the private sector has failed to produce effective tactics to deal with the problem, therefore more regulation is needed. These people aren’t just regular, every-day Joes either. Government officials and even some security experts have jumped on the bandwagon. They believe some regulation is better than none, and without it, the private sector will not be able to up with cyber threats.
This side of the argument generally feels companies and organizations should be held responsible for any security breaches, or at least show some responsibility for them. They would like to see the government make quality online security a requirement for any business or organization online, not just a suggestion.
Some Security Regulations In Place and More Are on the Way
Congress has considered many proposals regarding this hot-button topic, but few of them have been enacted. An amendment to the Gramm-Leach-Bliley Act of 1999 regarding financial institutions and privacy included a section requiring businesses and institutions to provide privacy information to their customers. It also requires them notify users of any breach in security.
This amendment affects any business or organization that accepts credit cards as payment. Proposed regulations take this one step further. Companies maintaining personal information, such as data brokers, may be required by law to detect malicious or unlawful activity and to minimize their effects on consumers. They will also be required to provide data accuracy and confidentiality in an effort to battle identity theft and cyber fraud, which have both reached all-time highs.
Financial institutions are not the only focus for the White House. Essential services such as utilities, chemical plants and the majority of industries dependent on a secure network in order to function are all major concerns.
Recently, the White House introduced new cyber security legislation, which would create a network of information shared between the government and the online industry. This new legislation would combine FISMA reform, notification of data breaches, cyber crimes, and personnel information together in a single set of laws and regulations. The biggest holdup at the moment is the debate over how much this new legislation will affect the private sector.
White House May Criminalize Some Cyber Attacks
The US Government has remained relatively quiet about the many other bills that have been proposed in recent years. In the area of cyber-attacks, a bill focusing on phishing and spyware made its way to the House of Representatives. The proposed bill would criminalize all acts of this nature.
Several dozen other bills have been presented and are pending as well, but because of their extremely diverse approaches to the issues, most of them remain tied up and could stay that way for some time. Recently, the White House sent a proposal to Capitol Hill meant to protect the vulnerable online infrastructure and increase security for programs originally designed without security in mind.
Some kind of legislation will likely be enacted in the near future in an attempt to strengthen security and protect private information, but no one really knows how long it will take, exactly what they will include, and what kind of effect it will have on cyber attacks. Sadly, in a world where time is measure in milliseconds, instead of days, you can’t help but wonder if legislation will ever be able to keep up.