December 5, 2011

Cybersecurity: Fear Shouldn't Dictate Public Policy

Jerry Brito

Former Senior Research Fellow

Last month, there was an initial report that Russian hackers had successfully taken control of an Illinois water-pump. While the Department of Homeland Security said at the outset that the report contained 'no credible corroborated data,' it didn’t stop pundits, defense contractors and politicians from citing the alleged incident as evidence that we need comprehensive legislation to regulate Internet security. An investigation determined, however, that the pump had simply failed.

Denial of service attacks and cyber espionage definitely exist and pose serious threats, but we have very little evidence that supports an impending kinetic attack, such as trains derailing or planes falling out of the sky. It may be possible, but the public needs to see the evidence of the threat and its probability before they can support massive regulation.

We shouldn’t make public policy out of fear. Rather than falling for the hype, we need to focus on the best solutions for the real threats.