The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI where she investigated cybercrime, a seasoned corporate executive that built and operated information security teams and now a cybersecurity attorney.

As a self-described “Breach Whisperer” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate and advise, Boards of Directors, CIO's, CISO's and General Counsel's on how to legally protect their company from cyber related risk.

Blog Entries


 

Critical Infrastructure Cybersecurity: Government Regulation or Private Industry Self-Regulation?

See Article Here

Whenever I read articles like the above I can see both sides of the story. Is it the responsibility of the US Government to protect “critical infrastructure” or does private industry do it better? After living in both worlds, I ask the question why does it have to be one or the other? Why can’t it be the responsibility of both?

Shhhhh I have a secret. Private industry actually wants government regulation because it makes it easier on them to say, from a litigation perspective, I have met my responsibilities that the government requires so if anything bad happens, I am protected. The US Government does not want the responsibility of policing private industry, as there is a lot of innovation that comes from private industry and they can act faster than the bureaucratic machine that exist in the government.

So why does it have to be one or the other? Your way or my way? I never understood that. If the government establishes a minimum baseline for requirements for critical infrastructure and private industry improves on those baselines depending on their industry and risk posture, how is that bad? Ultimately, that’s what it is supposed to be about right, the best protection? There are brilliant minds in government and private industry, why is it that one has to be better than the other?

I can actually say I know the answer, what say you?