Legislation Would Stick Business with Cyberwar Costs

Tuesday, May 08, 2012

Cybersecurity legislation supported by the likes of Senators Joe Lieberman of Connecticut and Susan Collins of Maine would create a regulatory environment that essentially would require businesses to pick up the majority of the cost for defending against ever-increasing threats.

A great deal of cyber espionage is directed at private companies that hold a wealth of sensitive information and intellectual property worth tens of billions to foreign governments, which makes it a national security issue both militarily and economically.

"Let's fast forward to the 21st century. We're an information-based society now. Information is everything. That makes you, as company executives, the front line — not the support mechanism, the front line," said U.S. counterintelligence official Frank Montoya.

The question is, who should ultimately be responsible for picking up the tremendous costs involved with securing critical data maintained by the private sector?

While private sector leaders like Internet Security Alliance president Larry Clinton acknowledge that companies have a responsibility to protect critical systems and data in order to satisfy their obligations to shareholders, the notion that businesses can allocate unlimited resources at the expense of those same shareholders is not feasible.

Clinton and other experts were interviewed on National Public Radio’s “Morning Edition” on Tuesday, May 8th.

"The legally mandated role of the government is to provide for the common defense, and they're willing to spend pretty much whatever it takes to do that. If you're in a private organization, your legally mandated responsibility is to maximize shareholder value. You can't spend just anything on the cyberthreat. You have an entirely different calculus that you have to put into effect," Clinton explained.

Clinton argues that mandating companies to pick up the bill for defending what is really a national security threat puts an unsustainable burden on businesses.

"If the government was interested in paying the private sector to do all these things, probably we would go a long way toward doing it. But the government so far, [with] the Lieberman-Collins bill, wants it all done for free. They want the businesses to simply plow that into their profit and loss statement, and the numbers are staggering. You simply can't do it," Clinton said.

Clinton has led ISA since 2007, and is frequently called upon to offer expert testimony and guidance to Congress, the White House, and numerous Federal Agencies on policy and legislative efforts.

The Internet Security Alliance (ISA) is a unique multi-sector trade association which provides thought leadership and strong public policy advocacy as well as business and technical services to its membership.

The ISA represents enterprises from the aviation, banking, communications, defense, education, financial services, insurance, manufacturing, security, and technology industries.

Clinton believes the current legislation under consideration is far too punitive in nature, and would disincentivize companies from both investing in better security measures and from disclosing data loss events, as well as creating a regulatory and bureaucratic nightmare.

"The major concern is the vast regulatory structure that would be set up at the Department of Homeland Security," says Larry Clinton.

Clinton maintains that the best approach for both the public and private sectors is to devise a cyber defense strategy that does not unfairly burden companies with unsustainable costs through regulatory mandates.

"Whether we like it or not, we are going to have to figure out a way to get private companies to make, on a sustainable basis, investments that are not justified by their business plans. Simply telling them, 'You have to ignore your business plan,' is not a sustainable model. We have to find a way to make it economic," Clinton continued.

Source: http://keranews.org/post/bill-would-have-businesses-foot-cost-cyber-war

Damion Waltermeyer: Some amazing statements in there. Perhaps if they calculated in the loss of reputation and tied that to sales they could make a better case for it. We shouldn't have government funds securing every poorly designed commercial system that comes along.
Don Jackson: Damion... just stop it... your comment makes too much sense. Mine, however, are a little more direct.

"The question is, who should ultimately be responsible for picking up the tremendous costs involved with securing critical data maintained by the private sector?"

Are you serious... is that really a question?
---

"While private sector leaders like Internet Security Alliance president Larry Clinton acknowledge that companies have a responsibility to protect critical systems and data in order to satisfy their obligations to shareholders, the notion that businesses can allocate unlimited resources at the expense of those same shareholders is not feasible."

Isn't that (maintenance) the cost of doing business?
---

"If the government was interested in paying the private sector to do all these things, probably we would go a long way toward doing it. But the government so far, [with] the Lieberman-Collins bill, wants it all done for free. They want the businesses to simply plow that into their profit and loss statement, and the numbers are staggering. You simply can't do it,"

Why should government or anyone other than the business owner be responsible for paying to secure his own resources? If government paid for it, wouldn't that make us all business partners?
---

"Whether we like it or not, we are going to have to figure out a way to get private companies to make, on a sustainable basis, investments that are not justified by their business plans."

Maybe so, but WE should not have to pay for it. These are the same companies that are getting huge tax breaks and write-offs now but cannot seem to hire but at lobbying for more free money.