My brain sometimes makes strange connections. For example, when I learned that Republican senators are blaming Democratic senators for blaming Republican senators for not passing a cybersecurity bill, I somehow thought of Huey Lewis' 1984 hit, "I Want a New Drug".
The song seems weirdly appropriate in a few different ways. First, of course, "I Want a New Drug" was a hit back in 1984, the year of George Orwell's anachronistic but moderately prophetic tome on nationalism, repression, censorship, and the surveillance society. It's important to be thinking about issues of liberty and privacy when thinking about a new, comprehensive cybersecurity bill.
But, secondly, the song "I Want a New Drug" is, essentially, a laundry-list of specifications. Huey wants a drug that won't make him sick, won't make him nervous, won't spill, won't cost too much, won't keep him up all night, and so forth.
Our cybersecurity bills are also laundry lists -- and we also have a laundry list of bills. Whether it's the Cyber Intelligence Sharing and Protection Act, the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act of 2011, the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act of 2012, the Cybersecurity Act of 2012 (PDF), the Cybersecurity Enhancement Act of 2012, or even the FISMA update, Federal Information Security Amendment Act of 2012 -- these bills are all laundry lists of features.
One grants the government better access to shared information. Another expands the role of the Department of Homeland Security so that it can set security standards required of certain companies and agencies, another sets up a threat-sharing center inside the NSA. The list goes on. And on. And on. And on.
Although I've said that the Cybersecurity Act of 2012 probably should be passed into law, the bill really isn't much more than Huey's wish for a new drug, in that it's a wish list, a paper tiger. On the other hand, many others, including the EFF, have stated that some of these proposed laws might be over-reaching and probably unnecessary.
Here's the thing, though -- if our politicians think a mere wish list will make a difference in defending against digital attacks from real foes, they're probably high.
While Rome burns, while cyberattacks are reported at a blistering rate, our politicians fiddle around, blaming each other for blaming each other for not getting things done.
Now, think about it. Who gets things done when management fiddles around? IT professionals, of course. You folks.
And who will protect your users and servers when a distributed denial of service hits? Some piece of legislation? No. You geeks will.
And who will clean up a malware infested computer when some nasty worm hits it? Our illustrious U.S. Senate? No, of course not. Y'all will.
The point is, whether or not new laws are passed, whether or not we even need new laws, the troops on the front lines of the cyberwar aren't politicians. They're not lawyers. They're not even law enforcement. Nope.
They're IT professionals. They're you.
And, so, yes, we'll continue to follow the kindergarten antics of our political class, and I may even tell you this bill or that bill has merit. But there's only one real truth, and that's this: when the bits hit the firewall, it's the techies who get called.