Never before in the history of our nation has there been such an exponential growth in technology and innovation within the span of a generation. The Internet and its offshoots are now the foundation and backbone for our work, communications, commerce and entertainment.
The Internet is not impermeable. The proliferation of cyber-crime, as well as any prospect of excessive government surveillance, could weaken the public’s confidence in the use of the Internet for commerce and in their personal lives, which would be incredibly damaging to our economy and civil society.
Protection of the Internet is of great importance. It is imperative that our government work with industry and the public to strike the right balance between ensuring that our citizens are safe and secure from cyber-criminals and hackers, while also protecting and respecting their privacy. Congress must play a central role in assisting these stakeholders to strike that balance.
In homeland security policy, we know that prevention and protection is always less costly than response and recovery. It is better to set responsible standards for oil drilling than to clean up after a spill and far better to build a resilient society and educate our citizens on how to identify signs of violent extremism than to recover from a successful terrorist attack on our soil.
This is also the case with cybersecurity.
One of the biggest low-cost, high-impact areas where Congress can help improve cybersecurity is investments in training and educational initiatives. The government can develop and deploy sophisticated monitoring technology and build cybersecurity centers. However, it is equally important — and far less expensive — for the government to educate, inform and raise public awareness of online threats and proper security practices and protocols, called “cyber-hygiene.”
While heated debate on the Hill this year has focused more on controversial aspects of federal cybersecurity efforts, Congress must do more to spur investment in public education programs and bolster existing workforce training programs that are conducted by the Department of Homeland Security, Department of Commerce and others. Increased funding for these efforts, while less glamorous than high-tech cybersecurity initiatives, is a noncontroversial way to invest in our future and build a more security-conscious public.
While the government should adhere to the light-touch approach in working with the private sector and securing the Internet — an approach that has allowed the Internet to thrive as an engine of innovation and a safe haven for free speech — one area where Congress can help the private sector protect its networks is in information sharing.
Congress must pass legislation that would improve the flow of cyber-threat information from the government to businesses and relax legal restrictions while creating a safe space to permit businesses to share with one another as well. While the House recently passed legislation that would accomplish both, it also included language permitting too much sharing of information from business to the government, including military and intelligence agencies, which has justifiably concerned privacy and civil liberties advocates. It is critical that we strike the right balance, so that consumer confidence is not undermined by overreaching authority or invasion of privacy concerns.