New Report Lays Out Principles for Sound Cybersecurity Policy

August 07, 2013

CHICAGO (August 7, 2012) – Cybercrime and cyberattacks are genuine threats, with reports of data breaches, hacks, or thefts appearing regularly in the news. But as law enforcement, industry, academic, and government experts gather in New York City this week for the fourth International Conference on Cybersecurity (ICCS 13), it’s worth asking whether the threat has been overstated and the government’s approach to it, overreaching.

In “U.S. Cybersecurity Policy: Problems and Principles,” a new Policy Brief from The Heartland Institute, IT policy analyst Steven Titch summarizes the three broad categories of cyberthreat – theft/fraud, espionage/exposure, and disruption/destruction – and describes the appropriate responses to each. He explains why “the current, one-size-fits-all approach to cybersecurity, exemplified by CISPA [the Cyber Intelligence Sharing and Protection Act], the Cybersecurity Act, and CFAA [the Computer Fraud and Abuse Act] cannot help but fail.”

To read the Policy Brief, click here.

Titch also explains why fears that the U.S. may be vulnerable to a cyberterrorist attack are likely overblown and should be viewed rationally. Could a cyberattack cause death and destruction on a massive scale? Could power plants be shut down, the rail system be hacked so freight trains derail or crash, or the air traffic control system be so crippled as to cause mid-air collisions? Titch addresses all of these concerns and more.

For policymakers and those they represent, Titch offers seven principles of sound cybersecurity policy. He notes the flaw in cybersecurity policymaking to date “is that it sees cybersecurity as something separate and apart from conventional law-and-order and national defense issues.” Effective cybersecurity, he writes, builds on existing laws and law enforcement mechanisms; his first principle of sound cybersecurity policy is: New laws should be a last resort.

If you have any questions about this Policy Brief or The Heartland Institute, or if you’d like to discuss cybersecurity policy with author Steven Titch, please contact Communications Director Jim Lakely at jlakely@heartland.org or 312/377-4000.