So are we better off with CISPA as law? Absolutely. Will we be totally secure? Absolutely not. The sad truth is that our adversaries have the ability to stay more than a few steps ahead of us. Given how long it is taking Congress to let us simply dust for cyber-fingerprints, it is clear that we have a long way to go to protect ourselves.
Where do we go from here? I won’t pretend to have the answer, but I do know there is no one solution, because there is no one single threat. Given that, we have to look to dynamic, fast-acting private companies and give them the tools and running room they need to quickly develop new solutions and identify new trends. Such incentives can take the form of liability protection for when defenses don’t work perfectly and safe harbors for reporting when something bad has happened.
At the end of the day, we need CISPA and we need Rogers and Ruppersberger along with Reps. Michael McCaul, R-Texas, Mac Thornberry, R-Texas, and Jim Langevin, D-R.I., Sen. Thomas R. Carper, D-Del., and others to keep fighting the good fight. But we also have to realize that when CISPA crosses the checkered line, it doesn’t mean we can declare a winner. It just means we have completed one lap in a very long race.
Brian Finch is a partner at Dickstein Shapiro LLP and an adjunct law professor at George Washington University Law School.