Policy Documents

The Leaflet - U.S. Cybersecurity Policy: Problems and Priniciples

August 1, 2013

U.S. Cybersecurity Policy: Problems and Priniciples

Cybercrime and cyberattacks are genuine threats, with reports of data breaches, hacks, or thefts appearing regularly in the news. But as law enforcement, industry, academic, and government experts prepare to gather in New York City on August 5–8 for the fourth International Conference on Cybersecurity (ICCS 13), it’s worth asking whether the threat has been overstated and the government’s approach to it, overreaching.

In “U.S. Cybersecurity Policy: Problems and Principles,” a new Policy Brief from The Heartland Institute, IT policy analyst Steven Titch summarizes the three broad categories of cyberthreat – theft/fraud, espionage/exposure, and disruption/destruction – and describes the appropriate responses to each. He explains why “the current, one-size-fits-all approach to cybersecurity, exemplified by CISPA [the Cyber Intelligence Sharing and Protection Act], the Cybersecurity Act, and CFAA [the Computer Fraud and Abuse Act] cannot help but fail.”

Titch also explains why fears that the U.S. may be vulnerable to a cyberterrorist attack are likely overblown and should be viewed rationally. Could a cyberattack cause death and destruction on a massive scale? Could power plants be shut down, the rail system be hacked so freight trains derail or crash, or the air traffic control system be so crippled as to cause mid-air collisions? Titch addresses all of these concerns and more.

For policymakers and those they represent, Titch offers seven principles of sound cybersecurity policy. He notes the flaw in cybersecurity policymaking to date “is that it sees cybersecurity as something separate and apart from conventional law-and-order and national defense issues.” Effective cybersecurity, he writes, builds on existing laws and law enforcement mechanisms; his first principle of sound cybersecurity policy is: New laws should be a last resort.

To read the Policy Brief, click here.

If you have any questions about this Policy Brief or The Heartland Institute, or if you’d like to discuss cybersecurity policy with author Steven Titch, please contact me at jnothdurft@heartland.org or 312/377-4000.

This week’s edition of The Leaflet features Heartland work addressing the cyber security, Obamacares effects on hiring, Kentucky Common Core, transaction taxes, digital goods taxes, and consumers unwilling to pay more for renewable energy.

Respectfully,

John Nothdurft
Director of Government Relations
The Heartland Institute

 

 

The Right Role for Government in Cybersecurity
InfoTech & Telecom

Over at The Technology Liberation Front Heartland Policy Brief author Steve Titch explains, “Proper cybersecurity policy begins with understanding that there’s a limit to what government can do to prevent cybercrime or cyberattacks. Cybersecurity should not be seen as something disassociated with physical safety and security. And, for the most part, physical security is understood to entail personal responsibility. We lock our homes and garages, purchase alarm systems and similar services, and don’t leave valuables in plain sight. Businesses contract with private security companies to safeguard employees and property. Government law enforcement can be effective after the fact – investigating the crime and arresting and prosecuting the perpetrators – but police are not routinely deployed to protect private assets.

“Similarly, it should not be the government’s job to protect private information assets. As with physical property, that responsibility falls to the property owner. Of course, we must recognize the government at all levels is an IT user and a custodian of its citizens’ data. As users with an interest in data protection, federal, state and local government information security managers deserve a place at the table – but as partners and stakeholders, not a dictators.

“Since the first computers were networked, cybersecurity has best been managed through evolving best practices that involve communication across the user community. And yes, despite what the President and many members of Congress think, enterprises do share information about cyberattacks. For years they have managed to keep systems secure without turning vast quantities of personal data on clients and customers over to the government absent due process or any judicial warrant.

“In terms of lawmaking, cybercriminal law should be treated as an extension of physical criminal law. Theft, espionage, vandalism and sabotage were recognized as crimes long before computers were invented. The legislator’s job is first to determine how current law can apply to new methods used to carry off age-old capers, amending where necessary, as opposed to creating a new category of badly written laws.

“If any new laws are needed, they should be written to punish and deter acts that involve destruction and loss. The severity of the penalties must be consonant with the severity of the act. The law must come down hard on deliberate theft, destruction, or other clear criminal intent. Well-written law will ensure that prosecutorial resources are devoted to stopping organized groups of criminals who use email scams to drain the life savings of pensioners, not to relentlessly pursue a lone activist who, as an act of protest, downloaded and posted public-record local government documents that proved embarrassing to local elected officials.”

 

 

 

Research & Commentary: Effects of Obamacare on Businesses and Hiring 
Health Care

On July 2, the Obama administration announced the Affordable Care Act’s “employer mandate” will be pushed back a year to begin on January 1, 2015. The mandate requires employers with 50 or more full-time employees to deliver health care coverage or pay a $2,000 penalty for each employee after the first 30 workers. Despite the administration’s delay, businesses making hiring decisions must consider the additional expenses that will be created by the mandate once it goes into effect.

In this Research & Commentary, Logan Pike examines the effects Obamacare will have on businesses and hiring. According to a survey by the U.S. Chamber of Commerce, 71 percent of small businesses say the health care law makes it more difficult for them to hire. “The Affordable Care Act will increase the financial burden on businesses and employees. As a result, employers will be much less likely to take on new commitments like expanding, hiring new workers, or even maintaining the full-time employees already in place,” writes Pike. The cost burden will shift to the taxpayers once businesses are released from health care costs and employees go to the government to receive coverage.

Research & Commentary: Kentucky Common Core
Education  

In 2012, approximately 16 states reconsidered the Common Core state education standards. Currently the Kentucky legislature is holding hearings to decide whether or not it will keep the Common Core.

In this Research & Commentary, School Reform News Managing Editor Joy Pullmann examines the negative aspects of implementing these national standards. Pullmann maintains, “One of the central objections to Common Core is loss of state and local control and flexibility over what children will learn, even in private and home schools, since all major tests, including college entrance exams, are aligning to Common Core and these will feed into national student databases states are constructing. One set of national learning models cannot possibly accommodate 50 million children’s diverse learning needs.”

Research & Commentary: Financial Transaction Tax Update
Finance, Insurance, and Real Estate

In the years since the 2007–2008 financial crisis, legislators in the United States and other nations have proposed new taxes on certain financial transactions, including securities trading and stock transactions. For proponents of these financial transaction taxes, commonly known as “Robin Hood” taxes, the goal is twofold: to raise government tax revenue and to slow down short-term, speculative trading, which they argue causes unnecessary market volatility.

In this Research & Commentary, Matthew Glans argues that instead of promoting market stability, transaction taxes suppress market activity and increase volatility while generating less revenue than expected, and the damaging effects are widespread, not limited to undefined “speculators.” Glans advises governments to steer clear of the disruptive tax.

New Framework for Digital Goods Taxes Introduced in U.S. Senate
Budget & Tax

In this article from the Heartlander digital magazine, Matthew Glans discusses the rapid expansion of the digital goods market and recent changes in how states are taxing these products. Each state taxes sales differently, and the potential for double taxation grows more likely as states rush to find new tax revenue from the booming Internet economy. Glans examines a new piece of legislation being considered, the Digital Goods and Services Tax Fairness Act, which would create a national framework that is designed to prevent consumers of digital goods from being hit with multiple and discriminatory taxes.

Glans writes, “‘Creating clear, national disciplines that govern the taxation of the digital economy is critical to innovation and the growth of this segment of the American economy,’ said U.S. Sen. Ron Wyden in a statement. ‘This bill, which is consistent with the principles of the Internet Tax Freedom Act that is current law, protects the digital economy from the unfair application of taxes that would stifle the innovative digital goods and services that are transforming the economy.’ The act would also help prevent taxes that are being imposed on wireless and other communications services from being imposed on digital goods and services.”

Study: Consumers Unwilling to Pay More for Renewable Energy
Environment

Relatively few consumers are willing to pay extra for renewable energy offered under voluntary ‘green’ pricing programs, according to a newly published report from the Institute for Energy Research.

Daniel Simmons, IER’s director of state policy, says, “While people like the thought of electricity from renewable sources, they don’t want to pay more for it, with the exception of the well-to-do. This report shows how damaging it is to mandate renewable electricity, because it forces people to pay higher prices for power when they would prefer not to.”