I don’t get what the big hubbub is about. I understand that internet types are all aflame about President Obama’s executive order on cybersecurity. Congress has been unable to reach a consensus, with a bill passing the House, but not the Senate — in part, I believe, because of opposition from the Obama Administration.
If this is what the administration was fighting for, it is more of a pop gun than a cannon. A quick read of the executive order indicates that it is all voluntary. True, it calls on the federal government — primarily the Secretary of Homeland Security — to develop standards for cybersecurity for the owners of critical infrastructure of U.S. internet networks. And it is up to the federal government to decide who makes it onto the list of critical infrastructure, which is defined as “systems or assets, physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”But, unless I am missing something, no private company or individual is required to adopt those standards. So, like Obama’s gun orders, the executive order on cybersecurity is a waste of presidential power — all show but no substance.
In fact, there is no reason why the federal government needs to perform this function. If this is just an issue of identifying the best cybersecurity practices, we should allow private industry, both the creators and consumers of advanced internet and computing technology, to develop their own voluntary standards. The federal government can then help ensure those standards become uniform simply by choosing to buy and sell internet products from those firms that offer the best balance of security versus cost effectiveness. Allow the market to develop the best way for companies to protect their internet infrastructures and information, and they can sell those products to the government.