Cyber Security Law Vs. Partisan Politics - InformationWeek

10/31/2014
11:10 AM
W. Hord Tipton

Cyber Security Law Vs. Partisan Politics

Cyber security sometimes turns up as a campaign issue, but effective legislation has stalled. It's time for a rational approach to regaining trust in our digital world.

These days, many people understand that the digital age means more than just high-tech tools, apps, and smartphones. They know that emerging technology brings painful side effects like poor data protection and vulnerable software products, which can be very costly.

The greater the public's concern about a topic, the more likely that topic will become a campaign issue that is debated on the campaign trail and in television ads, ultimately turning up at the voting booth.

Still, in all my years living both inside and outside Washington, I have yet to see a campaign ad that features one candidate bashing the other's position on critical infrastructure protection, breach notification, or any other IT-focused issue. So the question becomes, to what degree during this year's elections will the public make data protection, privacy, and threats to our critical infrastructure an issue? Is fixing an IT problem as important as building that new bridge or funding reform of a local school system? These are all issues that need consideration. Which are most significant to you?

As we approach the upcoming elections, I would urge every one of us to take into consideration the magnitude of this problem -- it is ever-present and getting worse by the minute. No longer can we compartmentalize the various breaches that occur on a daily basis and dismiss them as having no direct impact on our own livelihood.

The fact is that everyone is being impacted, in both obvious and not-so-obvious ways. We have reached a stage where people's lives and livelihoods are at risk every minute of every day. People with life-threatening diseases are going untreated because they don't want their health information exposed for the world to see. Companies are going out of business and people are out of work because of the absence of laws that preserve anonymity after a costly data breach, and our country's critical infrastructure remains under constant attack.

While data security and privacy have come a long way in attracting the attention of our nation's leaders, the public's concern over this issue is not yet commensurate with the negative impact it is having on our national economy, health, and safety -- and it's certainly not great enough to get the attention of political candidates seeking office. Personally, I can think of few greater issues that need attention during the upcoming elections than those of public trust and the privacy/security of personal data.

But are we there yet? Do we realize how hard a hit our banks have taken due to breaches in the past year? Are we aware that we are actually paying for those same banks to run vulnerable software? Do we understand that the same laws that currently protect the consumer from financial devastation as a result of a data breach could change at any moment, leaving the consumer responsible for recovering lost data and/or funds? Or does the issue still represent so insignificant a threat to our well-being that our local Congressmen/women can justify staying uneducated or unfocused on this topic? Do we even have a voice when it comes to demanding legislative reform of cyber security and data protection practices? My guess is that there is still a lot of work to be done and pain to be felt by the American public before we will see the issues of data protection, privacy, and public trust on campaign agendas.

So what can the average American citizen do to develop a voice on this critical topic? First, get educated. As National Cybersecurity Awareness Month comes to a close, there is an abundance of information and news coverage that is easily accessible online. I am especially excited about a new program we just developed specifically for business managers that will teach them how to prioritize the cyber security role within their organization.

Next, identify what level of priority your local Congressman/woman designates to this issue. Study the candidates from a different perspective this year. Find out who has a background in IT legislation matters and who would be most likely to understand what your state is facing in this current cyber security environment. Believe it or not, there are several politicians and potential candidates who have a solid grasp on the issue. While they might be in the minority, we as voters are the ones who can demand that those in political office prioritize the issue.

Sadly, I have reviewed more than 100 pieces of draft IT legislation over the past few years and know of nothing that has been enacted. The proposals are overly complex and rife with legalese jargon that most lawyers can't understand, much less those in the voting public. Unfortunately, political agendas have brought any action on this front to a halt in recent years. We need to find a way to ensure that cyber security legislation remains a nonpartisan issue.

W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS, is currently the executive director for (ISC)2, the not-for-profit global leader in information security education and certification. Tipton previously served as chief information officer for the U.S. Department of the Interior ...

Comments
Lorna Garey,
User Rank: Author
10/31/2014 | 12:39:15 PM
Attention span
"I have yet to see a campaign ad that features one candidate bashing the other's position on critical infrastructure protection, breach notification, or any other IT-focused issue."

I think it's because the American public isn't paying attention and doesn't care. Therefore, politicians don't expend time talking about these topics.

I believe part of the fault for that indifference lies with the tech press -- we write for our own community and, I think, do a poor job translating tech into terms that a typical person not only can easily grasp, but in a way that ties tech to their real lives -- the "WHY does this matter."
asksqn,
User Rank: Ninja
11/3/2014 | 1:48:10 PM
Excellent Questions
The reason we haven't seen any substantive discussion of the issues the writer has voiced is simply because the average politician has no clue about digital matters/infrastructure beyond usage of the words.  Further, by its own admission, the Supreme Court of the United States of America also has no clue as to technology beyond using email, yet these are the same nine people who are responsible for interpreting laws based on cell phone searches and encryption!  
Hord,
User Rank: Apprentice
11/3/2014 | 2:12:40 PM
Re: Attention span
Good points, Lorna. We do talk to our own community much more than the actual business community. It is not because we don't try though. It is difficult to get on the agendas in non-IT events and I think there are several reasons they don't want to hear from us. I think part of it is continual denial of the impacts and problems and the historical view of us as the "nerds" whom they can't understand. When we do talk with them, we scare them. We should all be working on that.

It is hard for them to say they don't know or understand though, because the breaches are on the front page most every day. You can't find a TV show or movie that doesn't have a computer angle. We just have to keep beating the drums. It is changing before our very eyes; it just isn't fast enough.

Hord
Lorna Garey,
User Rank: Author
11/3/2014 | 2:31:32 PM
Re: Attention span
The breach example is spot on, and there are plenty of other ways tech affects the average person's life and wallet. What are some shows you would like to speak at? Where could we start spreading the message?