Security Regulations and the Public/Private Relationship
Last week the U.S. House of Representatives passed a cyber-security bill and sent it on to the Senate. This got me thinking: what is government’s role in regulating the security requirements of our nation’s critical infrastructure?
Security's primary goal is to establish a trusted relationship and protect people, products, and services from unauthorized or malicious intent. When it comes to protecting our nation's critical infrastructure, that trust is fundamental to society operating in a mutually beneficial manner. When that trust breaks down, our society stops operating in a mutually productive way and we all suffer the consequences. The air travel restrictions immediately following the September 11th attacks and the financial crises of the 1920s and 2000s are prime examples of what happens when trust is replaced by fear.
Many believe that the market will self-regulate in the absence of any incentives one way or the other. But as a security professional, I believe that we must be proactive when it comes to protecting our nation’s critical infrastructure. Security is a balancing act between business imperatives and security imperatives; finding the correct balance is very complex and requires deep expertise and a thorough understanding of the vulnerability landscape. Unfortunately, for many companies, security is often viewed as an additional business expense. When expenses are minimized, security suffers, and our infrastructure is put at risk.