Information security pros should educate elected officials
Over the past few years, numerous bills on cyber security have been introduced and gone nowhere in Congress. That's about to change. The House leadership announced during “Cyber Security Week” in April that it approved four bills. The Senate is currently attempting to resolve largely partisan differences among competing cyber bills. Chances of reaching a compromise are probably 50-50.
The good news is that Congress is beginning to take the problem seriously. The bad news is that, with a few notable exceptions, federal lawmakers mostly think we are still primarily concerned with hackers and passwords. For too many policymakers, the fact that an organization was “breached” is an indication that stronger, more invasive regulatory oversight by the government is needed.
The reality of protecting our information is, of course, far more complicated. We are all facing increasingly sophisticated threats and, in response, we are deploying increasingly advanced defenses. However, security decisions are often not just about safeguarding assets as a competitive force. Business relationships and new platforms need to be managed as part of the full enterprise solution set. This can be a bit difficult for even well-intentioned legislators, most of them “digital immigrants” who are not really comfortable with or knowledgeable about the bits-and-bytes world they now inhabit. We owe it to ourselves and our industry to respond with feedback and education for our elected officials.