Cyber Security Net Works : Free Market Solutions Work Best

The problem that is so aptly pointed out here is any program that comes from the federal government will be flawed. Any mandated program from the federal government will necessarily fail as it was designed by individuals that have little or no connection to the real world. Government bureaucrats are fully invested in self protection, especially the federal government bureaucrats.

As past history has shown with absolute clarity, government bureaucrats are not to be trusted to do anything that actually benefits the general public, especially when the progressive socialists are in power. ObamaCare? How's that working out for us? Eric Holder's Justice department? The IRS?

State run and designed cyber security networks or those by individuals, will more readily concentrate power in the hands of the people who actually can make it work. Free market solutions always work better.

 For the government to be effective in governing, it must have the trust of the population that it actually is there as a servant of the people, not there to take control of the population that exists today in Washington.

The Cybersecurity Framework Is the Wrong Approach
Source: Eli Dourado and Andrea Castillo, "Why the Cybersecurity Framework Will Make Us Less Secure," Mercatus Center, April 17, 2014.

April 30, 2014

The new Cybersecurity Framework will cause more problems than it solves, say Eli Dourado, a research fellow, and Andrea Castillo, a research associate, at the Mercatus Center.

The Cybersecurity Framework is a federally-designed plan to improve cybersecurity for firms designated as "critical infrastructure sectors" by the Department of Homeland Security. The Framework is composed of three parts:

• The Framework Core is a compilation of best cybersecurity practices for each category within a critical infrastructure sector. It contains standards intended to service five basic functions -- identify, protect, detect, respond and recover.
• The Framework Implementation Tiers are measures of compliance within each category. Compliance levels range from Partial (the first tier) to Adaptive (the fourth tier).
• The Framework Profile provides a score to each organization on its level of cybersecurity compliance.

The program is voluntary. Unfortunately, it is not the right approach. Dourado and Castillo say that the absence of a central cybersecurity is not proof that there is not sufficient cybersecurity, noting that private companies already have incentives to develop their own cybersecurity solutions.

Market-based standards are more effective than state-mandated plans, which run the risk of becoming "mired in unwieldy top-down complexity."