 |
War Makes the State, but Not As It Pleases: Homeland Security and American Anti-Statism
| |
| | Unformatted Document Text:
inside, as many key private officials were on formal governmental advisory groups, and from the outside, speaking out against the government’s cyber security plans in the media and in public summits with Tom Ridge and other officials of the then new Office of Homeland Security.
120
The draft strategy had suggested a combination of government regulations and mandatory technical standards to overcome the economic disincentives to investment in expensive security enhancements. In a National Infrastructure Advisory Council teleconference with Richard Clarke, IT industry leaders insisted that the government should encourage—but not mandate—improved computer security solely through its procurement decisions.
121
“The government [should] settle on a set of standards for their own use, but
not dictate a set of standards,” said Symantec Corporation’s CEO John Thompson.
122
The Business Software Alliance (BSA) would not go even that far in the direction of inviting government intervention. In a written response to the Bush administration’s draft strategy, the BSA objected to the notion of a federal certification program, or even a “seal of approval” program for security products and strongly resisted the notion of a new standards setting organization. “We can foresee only duplication of existing efforts or, of more concern, government-guided efforts at regulation from such a body, either directly or through the migration of procurement specifications.”
123
Other IT industry leaders argued that regulations such as mandatory testing and interoperability requirements would be an impossible burden on small companies and would reduce incentives for innovation in the fast-moving IT sector.
124
They objected
that mandatory information sharing about security flaws would open them up to lawsuits for violations of privacy or antitrust laws.
125
They flatly rejected the notion of mandatory
contributions to a fund that would identify and address security enhancements to the Internet. Such a fund, wrote the BSA in its comments, “could become a hidden tax on industry and a mechanism for aggressive regulation.”
126
Under intense industry pressure, the White House announced that delivery of the draft recommendations to the president would be delayed for two months to allow for additional “public comment.”
127
During those two months, all of the government
mandates were dropped. Information sharing and interoperability requirements,
120
Elise Ackerman, “Summit in California's Silicon Valley to Focus on Cybersecurity,” San Jose Mercury
News, 3 December 2002.
121
Archived minutes of meetings of the National Infrastructure Advisory Council are available online at
http://www.dhs.gov/dhspublic/interapp/editorial/editorial_0353.xml; see also Caron Carlson, “IT Resists Mandatory Cyber Security,” Eweek.com. 8 January 2003, available at http://www.eweek.com/article2/0,3959,813715,00.asp.
122
Ibid.
123
Carson Carlson, “IT Warns Against Slippery Slope to Regulation,” E-Week.com, 22 November 2002;
available at http://www.eweek.com/article2/0,1759,1662335,00.asp
.
124
Archived minutes of NIAC meetings; and Carlson, “IT Resists Mandatory Cyber Security.”
125
Personick and Patterson, Critical Infrastructure Information Sharing and the Law: An Overview of Key
Issues.
126
Carlson, “Slippery Slope.”
127
“Feds Delay Release of Cyber-Security Plan,”e-Week, September 2002, available at
http://www.findarticles.com/p/articles/mi_zdewk/is_200209/ai_ziff31142
.
31
|
| | Authors: Kroenig, Matthew. |
|
| |
|
|
inside, as many key private officials were on formal governmental advisory groups, and
from the outside, speaking out against the government’s cyber security plans in the media
and in public summits with Tom Ridge and other officials of the then new Office of
Homeland Security.
The draft strategy had suggested a combination of government regulations and mandatory
technical standards to overcome the economic disincentives to investment in expensive
security enhancements. In a National Infrastructure Advisory Council teleconference
with Richard Clarke, IT industry leaders insisted that the government should encourage—
but not mandate—improved computer security solely through its procurement
decisions.
“The government [should] settle on a set of standards for their own use, but
not dictate a set of standards,” said Symantec Corporation’s CEO John Thompson.
The Business Software Alliance (BSA) would not go even that far in the direction of
inviting government intervention. In a written response to the Bush administration’s
draft strategy, the BSA objected to the notion of a federal certification program, or even a
“seal of approval” program for security products and strongly resisted the notion of a new
standards setting organization. “We can foresee only duplication of existing efforts or, of
more concern, government-guided efforts at regulation from such a body, either directly
or through the migration of procurement specifications.”
Other IT industry leaders argued that regulations such as mandatory testing and
interoperability requirements would be an impossible burden on small companies and
would reduce incentives for innovation in the fast-moving IT sector.
They objected
that mandatory information sharing about security flaws would open them up to lawsuits
for violations of privacy or antitrust laws.
They flatly rejected the notion of mandatory
contributions to a fund that would identify and address security enhancements to the
Internet. Such a fund, wrote the BSA in its comments, “could become a hidden tax on
industry and a mechanism for aggressive regulation.”
Under intense industry pressure, the White House announced that delivery of the draft
recommendations to the president would be delayed for two months to allow for
additional “public comment.”
During those two months, all of the government
mandates were dropped. Information sharing and interoperability requirements,
120
Elise Ackerman, “Summit in California's Silicon Valley to Focus on Cybersecurity,” San Jose Mercury
News, 3 December 2002.
121
Archived minutes of meetings of the National Infrastructure Advisory Council are available online at
122
Ibid.
123
Carson Carlson, “IT Warns Against Slippery Slope to Regulation,” E-Week.com, 22 November 2002;
124
Archived minutes of NIAC meetings; and Carlson, “IT Resists Mandatory Cyber Security.”
125
Personick and Patterson, Critical Infrastructure Information Sharing and the Law: An Overview of Key
Issues.
126
Carlson, “Slippery Slope.”
127
“Feds Delay Release of Cyber-Security Plan,”e-Week, September 2002, available at
.
31
|
|
 Convention | | Submission, Review, and Scheduling! All Academic Convention can help with all of your abstract management needs and many more. Contact us today for a quote! | | Submission - Custom fields, multiple submission types, tracks, audio visual, multiple upload formats, automatic conversion to pdf. | | Review - Peer Review, Bulk reviewer assignment, bulk emails, ranking, z-score statistics, and multiple worksheets! | | Reports - Many standard and custom reports generated while you wait. Print programs with participant indexes, event grids, and more! | | Scheduling - Flexible and convenient grid scheduling within rooms and buildings. Conflict checking and advanced filtering. | | Communication - Bulk email tools to help your administrators send reminders and responses. Use form letters, a message center, and much more! | | Management - Search tools, duplicate people management, editing tools, submission transfers, many tools to manage a variety of conference management headaches! | | Click here for more information. |
|
|
|
| |
|
|
|
