OPINION:
The same people who brought you the global warming and Y2K scares have dreamed up a scheme to assert greater federal control over the Internet in the name of cybersecurity. According to Reuters news agency, Senate Majority Leader Harry Reid, Nevada Democrat, intends to pass legislation on the subject authored by Sen. Joe Lieberman, Connecticut independent, and Sen. John D. Rockefeller IV, West Virginia Democrat. The forthcoming effort will trade the freedom of an important communications medium for the illusion of safety.
Mr. Lieberman’s original bill grants a newly appointed White House cyberczar unprecedented powers over private companies deemed to be connected in some way to the nation’s “critical infrastructure.” Banks, manufacturers, information technology companies, power plants and others would be directed to comply with the relevant orders of this unelected official. “The owner or operator of covered critical infrastructure shall immediately comply with any emergency measure or action developed by the Director under this section during the pendency of any declaration by the President,” S. 3480 states.
Companies already have a market incentive to protect their own systems from electronic attack and do not need to receive instruction from 1600 Pennsylvania Ave. Yet the Washington-knows-best mentality goes beyond pushing around the chief executives of multibillion-dollar corporate empires. Even toddlers will be unable to escape indoctrination. The bill requires the secretary of education to develop curriculum standards that address “cyber safety, cybersecurity, and cyber ethics for students in kindergarten through grade 12.” The bill also creates “cyber talent competitions” and cybergrants to ensure there is plenty of cyberpork to go around.
Last month, the Department of Homeland Security released the latest version of its National Cyber Incident Response Plan, an acronym-laden encapsulation of all that is wrong with entrusting computer security to the feds. It discusses, for example, the National Cyber Risk Alert Level, the online equivalent of the widely ridiculed color-coded chart that perpetually suggests a terrorist attack is just around the corner.
The new commander of the U.S. Cyber Command testified last week before the House Armed Services Committee, reinforcing just how ill-suited the government is to this task. “We stay prepared to defend our nation’s freedom of action in cyberspace,” Army Gen. Keith B. Alexander said in his prepared testimony. He then introduced his team of three- and four-star military officers, representing the Air Force, Navy and Marine Corps. The priority is to ensure that none of the branches feels left out, no matter how top-heavy the operation becomes.
Bureaucrats and brass are best at protecting turf and generating a steady stream of meetings, PowerPoint slides and reports. Just don’t expect reduced vulnerability to attack. That’s something that comes only from adapting the latest technology to the latest threats, something the civil service system is inherently incapable of doing. Because federal employees can’t be fired, there is no incentive to learn the latest techniques. That’s why the private sector will always do a better job of protecting itself. The private sector’s freedom to hire a teenage expert stands in stark contrast to the top-down, centralized mentality promoted by the White House and Congress.
The only thing scarier than letting hackers take control of the Internet is letting Washington beat them to it. Government should focus on ensuring its own house is in order before presuming to dictate security standards to others.
Please read our comment policy before commenting.