Home / Blogs

Creating a National Cybersecurity Framework: Need For New Regulation?

The Congressional Research Service (CRS) recently released a major new study examining cybersecurity. The report, “Creating a National Framework for Cybersecurity: An Analysis of Issues and Options” discusses a variety of significant public and private cybersecurity concerns.

The CRS analysis lists several broad options for addressing cybersecurity weaknesses ranging from adopting standards and certification to promulgating best practices and guidelines and use of audits among other measures. However, the most crucial observation in the report is that none of the enumerated options “are likely to be widely adopted in the absence of sufficient economic incentives for cybersecurity.”

The report goes on to explain that many “observers believe that cyberspace has too many properties of a commons for market forces alone to provide…” the needed economic incentives. Also noted in the report is that current laws, regulations and public-private partnerships “appear to be much narrower in scope than the policies called for in the National Strategy to Secure Cyberspace…” and related documents.

The CRS report discusses a variety of Congressional options for potentially improving cybersecurity including: use of product liability actions; development of cybersecurity insurance; and encouraging widespread adoption cybersecurity standards and best practices as well as “procurement leveraging by the federal government…” The report also notes that it will be updated in response to significant cybersecurity developments.

Thus, the CRS report places two key challenges before the public and private sectors: 1) determining whether there really are insufficient economic incentives for sufficiently strengthening cybersecurity; and 2) if there are insufficient incentives, determining how to craft the most efficient and effective measures for achieving needed cybersecurity improvements.

It is important that all stakeholders, including the government, take the measures needed to secure cyberspace. It is also important that, in attempting to improve cybersecurity, the government not create more problems than it solves.

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix


Sponsored byVerisign