Tuesday, March 17, 2009

Cybersecurity hearing roundup

Here's a good roundup of cybersecurity hearings.

Most ironic criticism was the claim that the initiative was flawed because it only dealt with government infrastructure.

Several witnesses at Tuesday's hearing echoed James Lewis of the Center for Strategic and International Studies, who argued that the "greatest failing" of the CNCI was that the initiative "despite its name, was not comprehensive." In part because it was launched under a veil of secrecy and without statutory support, the CNCI focused primarily on securing the dot-gov domain. But as a report sent to Congress last month by the Institute for Information Infrastructure Protection stressed, 85 percent of the nation's critical infrastructure is privately owned and operated.

We've had twenty years of industry telling government to butt out; suddenly the real problem is its unwillingness to butt in?  Well, critics have to criticize, and they had a choice of (a) "We're shocked at the government's failure to address security problems in the private sector" or (b) "We're shocked at the government's sneaky attempt to address security in the private sector while pretending not to.  The economy and your privacy are at risk!" 

All in all, I prefer (a)

No comments: