Position:
The government should not
be able to regulate consumer related cyber security.
Argument #1: There is already a large amount of cybersecurity
information from
the government that organizations have access too.
As an example
of a nonregulatory approach,
the NIST Cybersecurity Framework was designed to provide a
systematic and
voluntary way for private firms to assess their cybersecurity
risks and take
corrective action
commensurate
with them. Broader use of that framework would
improve the nation's cybersecurity. (Marshall, 2017)
Argument #2: It would have new regulations added constantly and
be very
demanding.
New York Department of Financial Services (DFS) has new
Cybersecurity Regulations implemented March 1, 2017 by the state
government. (Augustinos, 2017)
August 28, 2017: Covered entities must meet a list of
requirements for the new Cybersecurity Regulations.
(Augustinos, 2017)
February 15, 2018: The First annual compliance certificate
is to be submitted. (Augustinos, 2017)
March 1, 2018: Covered entities must meet a new list of
requirements that stemmed from the initial list of
requirements. (Augustinos, 2017)
September 3, 2018: Remaining requirements are to be met.
(Augustinos, 2017)
"Even after the last transition date of March 1,
2019, at which time the third party service provider
requirements (as well as all other applicable provisions
of the Regulation) will be fully operational,
Covered Entities will not be finished with their
efforts to comply with the DFS Cybersecurity
Regulation. Several requirements of the Regulation
will require ongoing, and continuous or periodic,
attention, including the requirements for risk
assessments, penetration testing and vulnerability
assessments, monitoring and training of employees,
reports to the Board of Directors, filings of compliance
certificates, and notices of certain cybersecurity
events." (Augustinos, 2017)
Argument #3: There are different ways in which the government
could assist with cybersecurity.
"Legislators are attempting
to establish guidelines to strengthen 'the security and
resiliency
of the cyber and communications infrastructure of the
United States'— the main objective of the 2011 Cybersecurity
Bill endorsed by Sens. Lieberman and Collins., ..., The intent
of the legislation was to enable both law
enforcement and companies to more easily share the evidence
of cybercrime and the electronic fingerprints and techniques of
cybercriminals (without any specifics about the company
targeted)
and thereby enable companies, government agencies
and individuals to protect themselves from a similar attack."
(Bissel, 2013)
Sources
Augustinos, T. P. (2017). New York DFS Cybersecurity
Regulation
Update: Lots Left to Do. Intellectual
Property &
Technology Law Journal, 29(12),
22–23.
Retrieved from
http://libproxy.adelphi.edu:2048/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=bth&AN=126378387&site=ehost-live&scope=site. Database: Ebscohost.
Bissell, K. (2013). A strategic approach to
cybersecurity.
(cover story). Financial Executive, 29(2),
36–41.
Retrieved from
http://libproxy.adelphi.edu:2048/login?url=http://search.ebscohost.com/login.aspx?direct=true&db=bft&AN=85919964&site=ehost-live&scope=site.
Database: Ebscohost.
Marshall, P. (2017, October 6).
Cyberwarfare
threat. CQ researcher, 27, 821-844.
Retrieved from
http://library.cqpress.com/. Database: CQ Researcher.