Continuing on in my series about cybersecurity and whether or not government should manage it centrally, I thought I would look at some obstacles towards setting up such an office.
The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.
Depending on your interpretation, the federal government is limited to the powers explicitly outlined within the Constitution. What about overseeing cyberhealth is spelled out within the powers delegated to the federal government? Removing botnets? Cleaning up users infected systems? Enforcing standards for RFCs? There are a couple of responses to this. One is that cybersecurity is a matter of national security; bots could engage in military or economic sabotage (just look at what happened to the 12 colonies in Battlestar Galactica). National security does fall into the realm of the federal government and therefore, cybersecurity does fall under the umbrella of a central office at the national level. Another response (and here comes the cynic in me) is since when has the 10th amendment been an actual, as opposed to theoretical, constraint on the powers of the federal government? There are many programs too numerous to name - the federal home mortgage program, the department of education, agriculture, wildlife services, environmental protection agency... Some of these programs have good intentions, of course. There is no denying that. But they are clearly programs that are not delegated to the United States by the Constitution and, the way I read the 10th amendment, are reserved to the States or to the people. But they are not, they are under the auspices of the federal government. So, why not simply add one more? On the other hand, I am not a lawyer who specializes in Constitutional law. So what do I know?
The second obstacle - Government Precedent Historically, government does not have the greatest track record when it comes to making things efficient. I once read (from a small government type) that in order for the government to create $1 worth of public value, it takes them $2 of taxpayer money. In other words, government is very inefficient and the private sector could do it much better for a much smaller cost. At this point in time, much in the cyberworld has not been decided, but technology does have a way of eventually settling on standards. VHS beat Beta, Blu-ray defeated HD-DVD. Microsoft Windows is the de facto standard for business computers (please, no arguments here, it's a fact that most office workers run Windows and Office for their daily tasks), UTF-8 is gaining more popularity as a character set encoding. In Europe, the continent converged on the GSM standard whereas previous incarnations were a ragtag bunch of FDMA access technologies, none of which were interoperable. The Bluetooth project was an initiative designed to allow any electronic doodad to talk to anything else. It's taking some time but it's catching on. And speaking of communications devices, the SIM card in most cell phones today are interoperable with other cell phone companies' handsets. The point is that yes, sometimes it takes a while to get technology to agree on common standards. But it does happen. What do we need government for to make these decisions? They can't possibly have access to all the data that consumers want or need whereas private enterprise can react more quickly and update their standards accordingly. The come back to this is that we cannot afford to wait while private business decides how they want to handle this. Whereas in the previous cases the biggest detriment to consumers was inconvenience, in this case, the biggest detriment to consumers is fraud, fake pharmaceuticals, and the ruining of the Internet. How much time can we afford to wait?
Are there other obstacles that I haven't named?
More in a future post.
The problem with this is that government does not have the agility or flexibility to respond and adapt as needed. All public entities whether government or public school are bound and limited in what they can do such that it suspends common sense. They cannot act quickly or without policies or laws in place to guide a consistent standard approach to every aspect. That is not what is needed here.
If, on the other hand, the authority to act quickly and have very high discretion is given, then you run the possibility of corruption, misuse of office or a tyrant.
I cannot say I have a magic bullet for the problem. A possible middle ground perhaps would be a grant to offer financial incentive to a private entity or group of entities to handle the problem.
It will be interesting to see the remainder of your thoughts on this matter.
I'm going to wrap up my brief series on cybersecurity and the federal government by taking a look at
I totally agree... since when has the gov't cared or paid attention to the 10th amendment? If they enforced it the way they should have all along 90+% of the federal gov't actions and 90+% of their spending would be unconstitutional.
Sadly, the 10th amendment has little meaning anymore. And I think the Obama administration will care even less about it than the previous administration.
Interestingly, I believe that the US Constitution, as literally written, gives the Federal gov't too little power. (and much of this believe is due moderization of interstate commerce, transportation, and communications ...all of which the founding fathers could not possibly have anticipated)
But, in practice, we've gone so out of control too far with too much federal power (far far beyond what I'd advocate) that it makes a mockery of the Constitution. We got there largely through judges' overreaching proclamations--instead of through written law and amendments. And the problem with this approach is that--once it starts--there no clear line designating where to stop.
This is like untying a ship from its dock and letting it float away. At first, it seems safe and nearby. But, eventually, its destination and safety are in jeopardy.