In the current Washington dysfunction, the mission-critical problem of cybersecurity is being addressed through patchwork, stopgap solutions that often create more difficulties than they solve. The lack of a comprehensive national cyber policy has allowed the Federal Trade Commission to exert self-appointed authority, leading to two potentially landmark legal cases — cases that may soon decide if the agency has broad authority to dictate how businesses protect electronic and online data across industries.
Despite seizing a significant role in cybercrime regulation, the FTC has no explicit authority and there is no single federal agency or law to regulate data security across industries. For more than two years, Congress has unsuccessfully considered nearly a dozen different bills that seek to balance the threat of cybercrime against excessive regulation. The Obama administration is working on a cybersecurity framework, but it is not expected to be finalized until at least next year.
