Chances of Passing Cyber Security Law Higher than Ever Before, Schmidt Says
SAN FRANCISCO -- The chances that Congress will pass some sort of cybersecurity legislation have improved in recent months, Howard Schmidt, the White House cybersecurity coordinator and special assistant to the president, said Tuesday. “Hopefully we'll see something before the summer break and it gets into the election season,” he said. If legislation can focus on consensus items and leave longer-term debates for another day, the prospects seem good, he said. “I think there are better chances now than we've ever had before,” he said. He spoke on a panel on international cybersecurity at the German American Business Association and Goethe Institut.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
Without regulation, companies probably won’t adopt robust security measures on their own, said Sandro Gaycken, a researcher at the Freie Universitat Berlin, Institute of Computer Science. Effective security systems are too expensive, he said. “You have to force the companies to implement the system because they have no natural incentive to do that,” he said. “If there is a cheap way out, they will take the cheap way out, and for security there are basically two approaches: One is security and the other is marketing. Most opt for marketing."
Joe Weiss, an industrial control systems engineer, said he’s worried current legislation doesn’t properly consider control systems for major power plants and utilities. For instance, mandating those operations comply with new privacy rules could be counter-productive, he said. “If you try to mandate that onto our system, you are mandating a requirement that can impact its performance without a need to do that,” he said. “Other than home meters, confidentiality isn’t important. Have us address the things that are important."
Governments around the world should work together to raise the cost of cybercrime, Schmidt said. “If you can get 5 Euros for a stolen credit card number, we need to make sure that for the criminals who are stealing it, it costs them 10 Euros,” he said. Moreover, companies and agencies need to make it clearer to hackers when they've failed to breach their systems, he said. “Show them the lack of success,” and they'll move on to other targets, he said. Finally, “For those we find doing these things, hold them accountable,” whether it’s in the United States or another country, he said.
Another hedge against cyberthreats would be to slow the move toward “smart” devices, said Gaycken. The efficiency gained in making device processes “smarter” is probably far smaller than the cost of securing them, he said.
Another role for government is to educate its citizens about cyberthreats, said Norbert Pohlmann, chairman of TeleTrust, a German IT security association. “Maybe the government has a responsibility to say ‘We've had a change in our society and we need to train our people to handle this new technology,'” he said.