The Obama administration is contemplating the creation of government cyber security standards in order to protect the Internet from attacks that threaten national security. So does that mean the government will be running the Internet? Hard to say. The anticipated executive order tells the Secretary of Homeland Security to designate the critical infrastructure that needs protecting, tells the National Institute of Standards and Technology to create a Cybersecurity Framework, and then tells a variety of other agencies to figure out the extent to which they can use their existing regulatory authorities to encourage compliance with that Framework. Among the powers contemplated is an acquisition preference for companies that abide by the government’s standards. At this point, says Paul Rozenzweig, the unanswered questions include:
• How much would it cost?
• What “critical infrastructure” is covered?
• Would the standards be outdated before they take effect?
• What would investors and innovators do?
• Does the government have the requisite expertise?
• Are the standards really voluntary?
• Why does anyone think the federal government can develop good standards? [The Heritage Foundation, November 15]
However, we do know that the federal government itself has experienced 13 cybersecurity breaches of its own just since May 2012. The hacked agencies include the Centers for Medicare and Medicaid Services, the Department of Homeland Security, the Department of Justice, the Department of Energy, the Army, and the Navy. [The Heritage Foundation, November 13]