Cybersecurity and Regulations

A slew of major media companies have been targeted by hackers, coming mainly from China, according to reports that have surface in the past two weeks. The New York Times, Bloomberg News, Wall Street Journal, and The Washington Post have all reported being the target of cyberattacks originating from the Asian country. According to a report in the New York Times, it was found that servers in the newsrooms, not the business-side of the business, were being targeted in most of the cases. These attacks on the US’s major media organizations have renewed interest in the problems posed by overseas hackers, particularly those originating in China.

The two ranking members of the House Intelligence Committee, Democrat Dutch Ruppersberger and Republican Mike Rogers, have said they are currently working on a new version of last year’s CISPA bill, which failed last year after a veto threat from the White House. CISPA would have made it easier for companies to share information about cyberattacks with the federal government, and had wide support from many technology companies. Ruppersberger told The Hill that his staff is working with the White House to allay any concerns that crept up over last year’s bill. Many of the concerns centered around privacy issues, with worry that CISPA would provide the government with too much information on consumers’ private information.

Another cybersecurity bill that was favored by the White House was scuttled by Senate Republicans, who rightly feared the onerous regulations the bill imposed would stifle innovation and saddle companies will too many new rules. Although the bill was killed in the Senate, the Obama administration issued an executive order that included many of the provisions of the killed Senate bill, calling for voluntary compliance with the new regulations. As I’ve referenced before, there’s no such thing as a voluntary regulation.

The recent cyberattacks have strengthened many lawmakers resolve to pursue some sort of legislative remedy, but as many note, there isn’t a lot the government could do to stop the recent attacks on the media organizations. As the State department notes, the experience of being hacked isn’t only felt by these groups—companies around the country have been experiencing attacks like this for some time, and there’s no magic bullet to solving it, especially one coming from a legislative body. According to one report in the San Francisco Chronicle, the average loss to a company that’s been hacked is $5.5 million.  With the market for data-vulnerability management growing to $1 billion by 2016, it’s a problem that surely isn’t going away.

When drafting legislation, lawmakers should work toward legislation that will truly make our data and systems safer, not pass bills that will only shoulder businesses with more undue regulations.  Unnecessary regulatory costs only mean higher prices for consumers. Businesses are already dealing with the costly business of preventing and cleaning up from cyberattacks. They don’t need another unnecessary cost to worry about.

Zack Christenson writes on digital technology for the American Consumer Institute Center for Citizen Research

 

FacebooktwitterredditlinkedinFacebooktwitterredditlinkedin