Democratic politicians are proposing a novel approach to cybersecurity: fine technology companies $100,000 a day unless they comply with directives imposed by the U.S. Department of Homeland Security.
Legislation introduced this week would allow DHS Secretary Janet Napolitano to levy those and other civil penalties on noncompliant companies that the government deems “critical,” a broad term that could sweep in Web firms, broadband providers, and even software companies and search engines.
“This bill will make our nation more secure and better positions DHS–the ‘focal point for the security of cyberspace’–to fulfill its critical homeland security mission,” said Rep. Bennie Thompson (D-Miss.), the chairman of the House Homeland Security Committee.
Thompson’s proposal comes after a decade of heated, sometimes classified discussions in Washington centering on how much authority the federal government should have to regulate network and computer security, and which agency should be in charge. In a series of reports, three successive presidential administrations have taken strikingly similar approaches that favor self-regulation.
Skeptics say it’s not clear that lawyers and policy analysts who will inhabit DHS’ 4.5 million square-foot headquarters in the southeast corner of the District of Columbia have the expertise to improve the security of servers and networks operated by companies like AT&T, Verizon, Microsoft, and Google. (American companies already spend billions of dollars on computer security a year.)