This post appears here courtesy of the Carolina Journal
. The author of this post is Carter Reilly
"The time has clearly come for the federal government to take on a larger role in the growing fight against cyber criminals."
This dangerous rhetoric comes from Rep. Deborah Ross's July 16 opinion piece
published by The Hill. Ross, a member of the House Committee on Science, Space, and Technology, also represents the Second District of North Carolina, which happens to house one of the largest technology hubs in the nation: Research Triangle Park. Her piece comes just months after two massive cyberattacks on this nation. Yet, she is advocating for what would arguably be the most extensive overreach of the federal government on the private sector's autonomy since the Defense Production Act of 1950. The one-term representative whose background is in civil rights law is clearly out of her depth regarding the issue of cybersecurity.
In April, hackers were able to access the Metropolitan Transportation Authority's systems. New York subway systems service over five million riders each day, an essential part of the city's day-to-day operations. In May, we saw the consequences of hackers targeting the energy sector, as the Colonial Pipeline ransomware hack took out 45% of the fuel supply on the East Coast. Two-thirds of Ross's state went without fuel.
There is no exaggeration when I say this: parts of the nation can be shut down with just a few clicks when hackers use ransomware against our infrastructure. What happens when foreign powers decide to recruit hackers as soldiers of war, to cripple things like power grids and telecommunications networks? Something must be done to ensure this never happens, but we cannot solve the cybersecurity issue by fettering industry.
Ross states that, "the federal government should consider instituting mandatory cybersecurity standards for critical sectors."
Mandatory standards would certainly mean financial penalties, maybe even criminal penalties, for firms that fail to comply. This move is a dangerous one, as it would set a precedent for national governments across the globe to tighten their grips on the private sector.
The Global Legal Group analyzed the cybersecurity laws of 30 nations, comprising of G7 members, technological powerhouses in the making like Ireland and Israel, and developing nations. Firms in the European Union may pay a fine for data breaches under the General Data Protection Regulation, and Israel's Protection of Privacy law requires certain companies to appoint an information security officer, but the overwhelming majority of these nations do not bring criminal penalties against firms that do not comply with cybersecurity measures. Here are the most notable nations that do: Nigeria, the Philippines, and China. None of those are citadels of democracy. While I agree with Ross that something needs to be done to protect the nation's infrastructure, undermining the free market is the wrong approach.
After paragraphs of coercive language, Ross ultimately changes her tone, stating that "with enhanced cooperation between federal authorities and the private sector, we can better secure our country."
If she truly believed in cooperation and collaboration, she would drop the rhetoric that pushes for a gross overreach of federal power over the private sector. After 18 months of being confined to the digital world, the private sector already understands that poor cybersecurity policies and systems are ultimately bad for business.
Government is a slow-moving beast, as the legislative process was designed to be often a reactionary one. The federal government is behind the curve when it comes to issues because they do not have the foresight or the innovation that the private sector does. Rather than kneecapping business for moving faster than the federal government, the federal government should look to collaborate and be brought up to speed.
Imagine a task force with the brightest minds of the private sector supplied with federal resources. We could develop the most advanced cybersecurity systems to date. The United States has an opportunity to get an edge in this cyberwar. Still, the hackers will win if the federal government attempts to drag a potential ally down instead of working with them on the clear and present threat.
Carter Reilly is an intern at the John Locke Foundation and a student at Loyola University Maryland.