Cyberattacks: Washington is hyping the threat to justify regulating the Internet

Unfortunately, the popular discussion largely clumps them into the vague and essentially meaningless “cyberthreat” category.

Let’s take a deep breath.

Before we can effectively address any of these amorphous “cyberthreats,” we must first identify what, specifically, these threats are and to what extent the federal government plays a role in defending against them.

The war metaphor may be useful rhetoric, but it is a poor analogy to the dispersed and different threats that both public and private information technology systems face.

The fact is, as long as we have had networks, they have been under attack. But over the past 20 years network operators have developed effective detection, prevention, and mitigation strategies.

This is why we should be wary of calls for more government supervision of the Internet. Last week, as part of its National Broadband Plan, the Federal Communications Commission began an inquiry into whether to establish a “voluntary cybersecurity certification program.” Through the program the FCC would certify communication service providers based on a set of cybersecurity standards developed directly by the FCC, or indirectly through a third party.

More ominously, Senators Rockefeller and Snowe have introduced the Cybersecurity Act of 2010 that aims to change how the Internet works in the name of security. It would also create a national system of licensing for security professionals, and would dole out millions of dollars in cyberpork to “regional cybersecurity centers” and other programs.

At the heart of calls for federal involvement in cybersecurity is the proposition that we reengineer the Internet to facilitate better tracking of users in order to pinpoint the origin of attacks. The Rockefeller-Snowe bill looks to develop such a “secure domain name addressing system.”

That’s a slippery slope.

And there’s the fact that we have seen a wasteful military-industrial complex develop before, and in this rush to “protect” we might be seeing a new one blossoming now. The greater the threat is perceived to be – and the less clearly it is defined – the better it is for defense contractors like Booz Allen Hamilton, which last week landed $34 million in Defense Department cybersecurity contracts.

That money could certainly be put to better use right now.

Anyone concerned about net neutrality or civil liberties – in particular online privacy and anonymity – should take notice. Before the country is swept by fear and we react too quickly to the “gathering threat” of cyberattacks, we should pause to calmly consider the risks involved and the alternatives available to us.

Rather than pass a sweeping “cyberdefense” bill right away, Congress should take the time to untangle the different threats that confront us and make sure they are addressing each appropriately. If not, we will be saddled with an overreaching one-size-fits-all result.

Giving the military and federal agencies the tools to protect their online assets might be an appropriate first response. But reengineering the Internet and imposing standards and licensing on the most innovative sector of our economy should give us pause. There is no reason to rush to action.

Jerry Brito and Tate Watkins are technology policy researchers at the Mercatus Center at George Mason University.

Previous

1 | 2