Cyber threats are more sophisticated and targeted than ever and are growing at an unprecedented rate–and it makes sense that Congress is paying more attention to such a significant issue.
Today, the House Small Business Committee held a cyber hearing on protecting small businesses, where Phyllis Schneck, Vice President for McAfee, Inc., testified on behalf of SIIA. And yesterday, Intelligence Committee Chairman Mike Rogers (R-MI) and Ranking Member Dutch Ruppersberger (D-MD) unveiled new bipartisan cyber security legislation to provide the government “the authority to share classified cyber threat information on potential attacks with approved American companies.”
There’s no doubt that American companies need help dealing with cyber crime. McAfee Labs finds, for example, that both malicious URLs and malware have grown almost six-fold in the last two years, and that 2010 saw more new malware than all previous years combined. Likewise, cyber crime perpetrators have evolved from simple, low-budget, hackers into well-financed criminal operations that contribute to a multi-million dollar cyber crime industry.
But Congress must be careful to allow companies to attack cyber crime head-on, without limiting their ability to innovate and grow.
There are two schools of thought on government’s role in achieving a desired outcome: one that posits that regulatory mandates are the best way to incent good behavior (in this case, strong cyber security measures); and, alternatively, one that asserts that positive outcomes are best achieved via positive incentives.
The heavily regulatory approach would not necessarily make organizations more secure – just more compliant. And it would dampen innovation too. On the other hand, positive incentives have a higher probability of success in two ways: a higher chance of better actual outcomes, and a higher probability of producing legislative success. The private sector responds to incentives, and aligning the interests of the private sector with the outcomes that are in the national interest makes sense. Doing so could also provide rare proof that the phrase “win-win” is not always a cliché.
Postive incentives are clearly the most effective way to drive higher levels of trust and actual cooperation between the private sector and government – vital things needed to produce real success.
Learn more about today’s testimony on McAfee’s blog.
Laura Greenback is Communications Director at SIIA.