Published by The Lawfare Institute
in Cooperation With
We're in a very odd situation. There are four cybersecurity bills --- Lieberman-Collins, McCain, CISPA, Lungren --- currently on the hill (CISPA has already passed in the House). All four allow "information sharing" of cyber threats, but each bill proposes a different federal agency with which the private sector should share the information: Department of Homeland Security, military cybersecurity centers, unspecified federal agencies (the NSA likely to take the lead). This makes no sense. The disparities between the bills make clear that the right solution, or set of solutions, is not yet at hand. The point to keep in mind is that cybersecurity is not one problem but multiple ones. Protecting the control systems of the power grid from intrusion is fundamentally different from protecting private-sector proprietary information against electronic espionage, and the right set of laws, regulations, and techniques to do each properly will vary considerably. Instead of the four Congressional bills that can't agree on which way to pull, we should be devising narrowly targeted solutions that handle the different cyber risks differently. In the long run, only such targeted cybersecurity solutions are likely to be effective.