On the one hand there are communications and tech industry lobbyists pushing for the government to stay out of their business and let them regulate their own security measures. They claim that some of the proposed rules would be too costly and / or cumbersome for them to implement and that they are perfectly capable of securing cyberspace without government mandates or intervention.
On the other hand, a number of companies, organizations and business leaders held the National Cyber Security Summit to try and draw attention to the fact that little or nothing has been done to secure cyberspace and that the Bush Administration's National Strategy to Secure Cyberspace remains largely unfunded and unimplemented. These groups do not believe that market conditions alone are enough incentive to sway companies to do the right thing to make cyberspace more secure and feel that the government should be doing much more than they are currently doing to provide direction and guidance and mandate minimum acceptable security standards.
While I do not generally favor big government or having the federal government create new agencies and organizations designed to oversee everything- something as large and as important to the critical infrastructure and everyday economy of this nation might require intervention from the federal level. The original proposals seemed to pack much more power. But, by the time "politics" got involved and corporate special interests and lobbyists got done with it, what we ended up with was vague and mostly useless. The parts that may have been useful haven't gotten the funding to get them off the ground.
The deregulation of electricity and telecommunications industries seems to have backfired- leaving skyrocketing prices and poorly managed services in its wake. For essential services such as electricity, fuel, telephones, water and even Internet access we need the companies managing it to do what is right and what is necessary to provide the best and most stable service possible and to be prepared for emergency contingencies. When those companies answer to market conditions or shareholders more than they do to the greater good it doesn't bode well. Often doing what is right and doing what makes the most money for the shareholders are in direct conflict with each other.
Robert Vamosi has written an article on ZDNet about the state of the National Strategy to Secure Cyberspace titled We Need a New National Cybersecurity Plan - Now. In it, he points out that "More than a year since that report appeared, you and I are no better protected online than we were before Richard Clarke and his team first met. And now it will take yet another year before the computer industry proposes its own self-regulating actions."
He goes on to suggest that a new plan be developed- without undue influence from corporate lobbyists or special interests and says "They wouldn't have to start from scratch, either. Many of Richard Clarke's original ideas are worth reinstating. Among them, I favor requiring broadband ISP services to provide free antivirus and firewall software to their customers, and speeding the process to secure wireless Internet access."
Whatever the government chooses to do they need to A) put the necessary funding behind their proposals to make it happen and B) do it sooner rather than later.
