Do you trust the federal government to keep your personal data safe? What about your business’s records and trade secrets?
If you answered “no,” you have good reason — the federal government has had 13 breaches and failures of its own cyber-security just in the last six months.
Yet President Obama and his allies in the Senate are pushing forward to regulate America’s cyber-doings, without any clues about how much this will cost us or how it will work.
It’s become the norm with this president — if Congress fails to accomplish his objectives, he goes around it with executive orders and federal regulations. He’s doing it again. Congress did not pass the Cyber-security Act of 2012 before the election, so the president has issued a draft of an executive order to put much of that legislation in place without lawmakers voting.
Not to be left behind, though, Senate Majority Leader Harry Reid, D-Nevada, may try to get another vote on the bill before the end of the year — some are saying as soon as this week.
If the idea of cyber-security — trying to secure all of the country’s sensitive computer networks and data — sounds abstract, that’s because it is. It’s so abstract, in fact, that the legislation and executive order our leaders are pushing offer few details about what they would actually do, other than piling more confusing regulations onto businesses.
When you think about it, the idea of the federal government trying to be on the cutting edge of technological security is pretty laughable. As The Heritage Foundation’s David Inserra notes:
“Simply put, government regulations usually take 24—36 month to complete, but the power of computers doubles every 18—24 months. This means that any standards developed will be written for threats that are two or three computer generations old.”
A federal government that stays hopelessly behind the curve and can’t even secure its own networks doesn’t exactly inspire confidence. But oh, it can regulate!
President Obama’s executive order would give multiple federal agencies new power to regulate businesses. It would work much like Obamacare, which passed with few details but gave agencies like Health and Human Services a blank check to write regulations. One of the incentives it may use to keep businesses in line is favoritism in awarding federal contracts — businesses that met the government’s cyber-security standards could be moved to the head of the line.
According to Heritage Visiting Fellow Paul Rosenzweig, “this order will likely be very significant and very costly while not providing important cyber-security solutions, such as effective information sharing.”
How much will it cost businesses to comply with all these new (yet perpetually outdated) regulations? We don’t know.
Will the standards be voluntary or mandatory? Also unknown.
Can companies share information about cyber-threats they have detected, with confidence that their sensitive information will be protected? No guarantees.
With so many unanswered questions, the executive order — or the legislation — would create massive headaches for businesses and could hinder innovation. Just what the economy needs.
Amy Payne is Assistant Director for Strategic Communications at The Heritage Foundation. Readers may write to the author in care of The Heritage Foundation, 214 Massachusetts Avenue NE, Washington, D.C. 20002; Web site: www.heritage.org. Information about Heritage’s funding may be found at http://www.heritage.org/about/reports.cfm.