Should the Government know about Private Companies’ information security strategies?

In our class yesterday, Ralph Russo stressed the importance of understanding that no entity exists that has the authority to or even can regulate the internet. Therefore, there is the potential for many cybersecurity attacks to occur that can be, if not properly defended against, devastating to economic, political, and personal safety.

The burden of protecting sensitive information systems falls primarily upon the government; however, the private enterprises that control important services, such as power companies, health institutions, and food supply chains must also take initiative in securing their control systems because of the potential loss of business they may face due to a cybersecurity attack. In essence, both private and public entities must play an active role in defending our country against cybersecurity attacks, but the question is whether the government will require certain private companies, like utilities companies, to disclose cyber-defense strategies to the government to enhance overall national safety.

Interestingly enough, the Washington Post published an article this afternoon that reported that “[t]he White House has backed away from its push for mandatory cybersecurity standards in favor of an approach that would combine voluntary measures with incentives for companies to comply with them.” This current position is a result of the failure of bipartisanship; so many factors must be considered in a case such as this because of the freedoms and privacy rights of companies and individuals may be violated. Therefore, the White House wants to make information-sharing voluntary.

Do you think the government should be lax in its cybersecurity policies regarding private businesses that are critical to the daily functionings of American society? It seems to me that it would be in the best interest of both the government and these private businesses to share at least some basic information about the internet since separately, they are much more vulnerable to cybersecurity attacks than as part of a joint effort.

Advertisements

One response to “Should the Government know about Private Companies’ information security strategies?

  • ddipietro216

    I understand that if companies have the right to be private in order to retain their competitive integrity, but I think that industries with a large hand in/ influence on society should definitely have to disclose cyber-defense strategies to the government in order to ensure that they are doing their part to protect national safety. In my opinion this should not only apply to infrastructural industries like those that control our water, electricity, and food supply, but also those that have a large influence on society like Twitter. We have seen cyber-attacks on Twitter accounts create “damning real-world effects” (http://money.cnn.com/2013/04/23/technology/security/ap-twitter-hacked/). In addition, a requirement like this would end up being beneficial to the private companies themselves in the long run anyways because it will force them to take cybersecurity more seriously than they may have otherwise, and potentially prevent a cyber attack that could have penetrated a weaker system.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: