Cybersecurity Improves No Matter What Congress Does

The Hill’s “Hillicon Valley” blog reported late Wednesday that cybersecurity legislation was likely to fail in the Senate today.

The post, originally titled “Cybersecurity Act Expected to Crash and Burn in Senate,” indulged in some typical Washington, D.C. conceit: “The Senate’s cybersecurity bill is likely to go down in defeat on Thursday,” it said, “ending any hope of passing a measure by the end of the year to protect America’s networks.”

It is highly arguable, the question whether cybersecurity legislation would protect America’s networks. Doing so is the responsibility of the owners and operators of those networks (and all other communications and computing infrastructure). They are working all the time on protecting their assets, and their capacities to do so are constantly improving.

Yes, attacks on computing are improving, too, but there is little substantiated evidence (the fear-mongering of government officials and contractors is not substantiated) that the bad guys are getting the upper hand.

The Scylla and Charybdis Senate leaders appear to have been navigating was between a bill that was too regulatory, swamping American tech companies and “critical infrastructure” providers with deadening regulation, and, on the other hand, a bill that tapped too deeply into Americans’ communications and data. I’m happy—and feel quite safe—with cybersecurity legislation breaking up on the shoals or getting sucked down into a whirlpool, either one.

It’s possible, of course, that Senate leaders could arrive at a last-minute compromise—they’ll come forth extolling their own heroism for doing so. It’s very likely that the next Congress will return with undiminished hubris to the idea that the federal government can and should secure our computers, networks, and data. But it’s not true. That is the responsibility, and far more within the capability, of the private-sector owners of the nation’s digital infrastructure.

Nothing in this post should diminish the importance of cybersecurity. It is indeed hundreds or thousands of different problems that will be addressed by manifold actors various ways over coming decades. The government has a role in cybersecurity: getting and keeping its own house in order. But the majority of the problem is ours, not the government’s, and we are slowly, surely taking care of it.