Clashing over cybersecurity

SAN FRANCISCO — Sharp exchanges among information technology industry leaders and critics during a discussion at the RSA Security Conference suggest that consensus on regulating cybersecurity will be difficult to reach.

The closest the opponents came to agreement was on requiring software companies to disclose the degree to which they follow industry best practices for writing secure software. "The market works better when it's informed," said Richard Clarke, the former U.S. cybersecurity czar who is now chairman of Good Harbor Consulting.

Arguing for regulation of the IT industry, Clarke said caustically, "Industry doesn't want to be regulated. There's a surprise. Industry only responds when you threaten regulation."

Harris Miller, president of the Information Technology Association of America, said the IT industry opposes regulation for a number of reasons, which he said include its stifling effect on innovation. Miller also said enough legislation already exists to regulate cybersecurity and that industry is making progress.

ITAA officials will release a report today on industry's cybersecurity progress. Miller said he would give industry a B-minus, with the exception of the telecommunications and financial services industries. But the federal government, he added, hasn't exactly been a good cybersecurity role model.

Rick White, a former U.S. congressman who is now president and chief executive officer of TechNet, said he would give the IT industry a B-minus for cybersecurity. Improvements "are not going to happen as fast as we'd like," White said, adding that self-regulation by people who know the industry will produce better cybersecurity.

Bruce Schneier, chief technology officer at Counterpane Internet Security, defended regulation, but with a caveat. "Regulation will stifle innovation," Schneier said, adding that the public and lawmakers must choose between innovation and security. But it is important, he said, that companies bear the financial responsibility for their products' security vulnerabilities.

"The people who write the software don't bear the losses for their mistakes," Schneier said. "That fundamental economic disconnect needs to be rectified somehow."

Schneier said he would give industry a different cybersecurity grade than his colleagues. "I give them a C, but I grade on curve."

