The bill, it seems, is a no go. With all the cyber attacks, why did it fail?
- It was all sticks, no carrots. If the government wants to impose regulations and compliance, it should at least have the good sense to offer something to the cyber security community. For example, Washington could have offered to increase law enforcement resources.
- There was little input from the cyber security community. If you want legislation to succeed, it helps to get the consent of those it will affect. In this case, we saw the “Washington knows best” dynamic that doesn’t go over well anywhere, especially with security geeks. At Black Hat, for example, Bruce Schneier talked about the merits and demerits of the bill. Imagine how much more effective if would have been if he talked about how he helped craft it, in essence, putting his weight behind the bill. Similarly, it seems every time Obama comes to the Bay Area, it’s for fund raising versus gathering ideas from the Silicon Valley.