Blog Post

Crazy Idea - Cyber Security Amendment to The Constitution?

 Innovation doesn't always happen on the normal road ...

Hello Cyber Security Community and Friends,

Perhaps it is time to add a new amendment to the United States Constitution focused on cyber security and protecting our people, livelihoods and nation. When the United States Constitution and Amendments were drafted our Founding Fathers had no idea the Internet would exist and that all types of commerce could be executed without being present in front of another human being. Cyber security has not only a local impact but also a national and global impact to the human race. Without the proper governing body providing the doctrine (rules) to treat ALL people with dignity and respect, and ensuring ENFORCEMENT and GOVERNANCE of this critical doctrine, we have chaos. How can we truly solve the exploding multi-gazillion dollar problem the cyber security industry is trying to solve when an organization's motivation is capitalistic at is core?

The United States Constitution and Amendments were created to protect the people and ensure that EVERY person and citizen has a voice, so an elite few don't control everything....

One set of rules govern:

  • Citizenship
  • Voting rights
  • Drinking age
  • Driving a car
  • Flying an airplane
  • Driving a motorcycle
  • Buying a gun
  • Obtaining a passport

 

Multiple sets of rules govern Cyber Security:

  • NIST CSF (National Institute of Standards and Technology - Cybersecurity Framework)
  • SOX
  • SAS70
  • ISO-27001
  • SANS 20 CSC's (Cyber Security Controls)
  • NERC-CIP
  • PCI-DSS all versions
  • NIST SP 800-53 (National Institute of Standards and Technology Special Publication)
  • COBIT all versions
  • Etc.

Isn't the definition of insanity doing the same thing over and over and expecting a different outcome? Clearly having numerous standards and governing bodies isn't working, and in fact adds to the chaos that allows the cyber-criminal / criminal organization to win, and us as citizens, employees and organizations to lose.

What can we do?

Let me pose this to the community: What about creating a single governing body called the United States Audit, Regulatory, Compliance, Governance, and Security Agency (USARCGSA or for short ARCGSA) and collapsing ALL (and I do mean ALL) Audit, Regulatory, Compliance, Governance and Security standards into a single framework? It would be the governing body that holds organizations accountable for the rules of navigating the information superhighway!

Does it sound too crazy?

Too far out there?

Too overwhelming to achieve?

Too radical?

Wait: before you answer, grab your purse and/or wallet.

Okay—now pull out your driver's license.

If we can create an agency that governs all aspects of vehicles and licensed drivers effectively enough to actually "drive" on a highway, then I think we have a shot at this approach associated with cyber security.

I would love to hear your thoughts; feel free to comment on the blog below or email us at opinions@cybersn.com.

All the best, Kyle
Posted July 15th, 2015 by Kyle