Cyber Security Law Vs. Partisan Politics

Cyber security sometimes turns up as a campaign issue, but effective legislation has stalled. It's time for a rational approach to regaining trust in our digital world.

W. Hord Tipton, Contributor

October 31, 2014

5 Min Read
InformationWeek logo in a gray background | InformationWeek

These days, many people understand that the digital age means more than just high-tech tools, apps, and smartphones. They know that emerging technology brings painful side effects like poor data protection and vulnerable software products, which can be very costly.

The greater the public's concern about a topic, the more likely that topic will become a campaign issue that is debated on the campaign trail and on television ads, ultimately turning up at the voting booth.

Still, in all my years living both inside and outside Washington, I have yet to see a campaign ad that features one candidate bashing the other's position on critical infrastructure protection, breach notification, or any other IT-focused issue. So the question becomes, to what degree during this year's elections will the public make data protection, privacy, and threats to our critical infrastructure an issue? Is fixing an IT problem as important as building that new bridge or funding reform of a local school system? These are all issues that need consideration. Which are most significant to you?

[Running a tight ship: VA Buckles Down On Cyber Security, Program Management.]

As we approach the upcoming elections, I would urge every one of us to take into consideration the magnitude of this problem -- it is ever-present and getting worse by the minute. No longer can we compartmentalize the various breaches that occur on a daily basis and dismiss them as having no direct impact on our own livelihood.

The fact is that everyone is being impacted, in both obvious and not-so-obvious ways. We have reached a stage where peoples' lives and livelihood are at risk every minute of every day. People with life-threatening diseases are going untreated because they don't want their health information exposed for the world to see. Companies are going out of business and people are out of work because of the absence of laws that preserve anonymity after a costly data breach, and our country's critical infrastructure remains under constant attack.

While data security and privacy have come a long way in attracting the attention of our nation's leaders, the public's concern over this issue is not yet commensurate with the negative impact it is having on our national economy, health, and safety -- and it's certainly not great enough to get the attention of political candidates seeking office. Personally, I can think of few greater issues that need attention during the upcoming elections than those of public trust and the privacy/security of personal data.

But are we there yet? Do we realize how hard a hit our banks have taken due to breaches in the past year? Are we aware that we are actually paying for those same banks to run vulnerable software? Do we understand that the same laws that currently protect the consumer from financial devastation as a result of a data breach could change at any moment, leaving the consumer responsible for recovering lost data and/or funds? Or does the issue still represent so insignificant of a threat to our well-being that our local Congressmen/women can justify staying uneducated or unfocused on this topic? Do we even have a voice when it comes to demanding legislative reform of cyber security and data protection practices? My guess is that there is still a lot of work to be done and pain to be felt by the American public before we will see the issues of data protection, privacy, and public trust on campaign agendas.

So what can the average American citizen do to develop a voice on this critical topic? First, get educated. As National Cybersecurity Awareness Month comes to a close, there is an abundance of information and news coverage that is easily accessible online. I am especially excited about a new program we just developed specifically for business managers that will teach them how to prioritize the cyber security role within their organization.

Next, identify what level of priority your local Congressman/woman designates to this issue. Study the candidates from a different perspective this year. Find out who has a background in IT legislation matters and who would be most likely to understand what your state is facing in this current cyber security environment. Believe it or not, there are several politicians and potential candidates who have a solid grasp on the issue. While they might be in the minority, we as voters are the ones who can demand that those in political office prioritize the issue.

Sadly, I have reviewed more than 100 pieces of draft IT legislation over the past few years and know of nothing that has been enacted. The proposals are overly complex and rife with legalese jargon that most lawyers can't understand, much less those in the voting public. Unfortunately, political agendas have brought any action on this front to a halt in recent years. We need to find a way to ensure that cyber security legislation remains a nonpartisan issue.

Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data. In the Partners' Role In Perimeter Security report, we'll discuss concrete strategies such as setting standards that third-party providers must meet to keep getting your business, conducting in-depth risk assessments,  and ensuring that your network has controls in place to protect data in case these defenses fail. (Free registration required.)

About the Author

W. Hord Tipton

Contributor

W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS, is currently the executive director for (ISC)2, the not-for-profit global leader in information security education and certification. Tipton previously served as chief information officer for the U.S. Department of the Interior for over five years. Mr. Tipton can be reached at [email protected].

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights