Susan Landau on Cybersecurity Bills

By Jack Goldsmith
Thursday, May 3, 2012, 7:15 AM

Susan Landau is currently a visiting scholar at Harvard's Computer Science Department, formerly a Distinguished Engineer at Sun Microsystems, and the author of Surveillance or Security? The Risks Posed by New Wiretapping Technologies.  She is also one of the most knowledgeable people I know about cybersecurity policy.   She writes in with this comment about the pending cybersecurity bills:

We're in a very odd situation. There are four cybersecurity bills --- Lieberman-CollinsMcCainCISPALungren --- currently on the hill (CISPA has already passed in the House).  All four allow "information sharing" of cyber threats, but each bill proposes a different federal agency with which the private sector should share the information: Department of Homeland Security, military cybersecurity centers, unspecified federal agencies (the NSA likely to take the lead).  This makes no sense. The disparities between the bills make clear that the right solution, or set of solutions, is not yet at hand.

The point to keep in mind is that cybersecurity is not one problem but multiple ones.  Protecting the control systems of the power grid from intrusion is fundamentally different from protecting private-sector proprietary information against electronic espionage, and the right set of laws, regulations, and techniques to do each properly will vary considerably. Instead of the four Congressional bills that can't agree on which way to pull, we should be devising narrowly targeted solutions that handle the different cyber risks differently.  In the long run, only such targeted cybersecurity solutions are likely to be effective.