Monday, December 15, 2008

Commentary: U.S. CEOs to Assist in Critical Infrastructure Protection? - Not Likely

Coverage and analysis of the report "Securing Cyberspace for the 44th Presidency" released by the Center for Strategic and International Studies continues.

A recent article from NetworkWorld discusses the recommendation to create a C-level panel of advisers called The President’s Committee for Secure Cyberspace. This panel would represent four key industries: Energy, finance, information technology/communications and government.
"The four industries were chosen for the committee because they “form the backbone of cyberspace. … Keep these sectors running and cyberspace will continue to deliver services in a crisis. Bring them down, and all other sectors will be damaged.”

There will be no problem getting CEOs to sit on a highly visible presidential committee where they can be seen to be doing something for little or no cost. However, expecting for-profit corporations to voluntarily make costly security changes and investments, especially during an economic down-turn, is wishful thinking at best. It will never happen. Remember, these are the same CEOs that require extensive ROIs for the most mundane security investment.

Therefore, the report also recommends new regulatory powers to force security changes:
"The report also seeks new regulations with the teeth to enforce standards that would establish a more secure infrastructure."

The article discusses several possible forms these regulations could take. Unfortunately, if past behavior provides any insight of future behavior, these regulations will be passed with little forethought or, if there is open discussion and debate, will be significantly weakened via lobbying when corporations realize the cost of compliance.

Top execs would roll up sleeves to fight cyber war, according to think tank study

No comments: