Some Thinking on “Cyber”
Last week, I had the opportunity to testify before the House Science Committee’s Subcommittee on Technology and Innovation on the topic of “cybersecurity.” I have been reluctant to opine on it because of its complexity, but I did issue a short piece a few months ago arguing against government-run cybersecurity. That piece was cited prominently in the White House’s “Cyberspace Policy Review” and — blamo! — I’m a cybersecurity expert.
Not really — but I have been forming some opinions at a high level of generality that are worth making available. They can be found in my testimony, but I’ll summarize them briefly here.
Should You Vote on Keeping Your Local Car Dealership?
There are lots of reasons Washington should not bail out the automakers. Whatever the justification for saving financial institutions — the “lifeblood” of the economy, etc., etc. — saving selected industrial enterprises is lemon socialism at its worst. The idea that the federal government will be able to engineer an economic turnaround is, well, the sort of economic fantasy that unfortunately dominates Capitol Hill these days.
One obvious problem is that legislators now have a great excuse to micromanage the automakers. And they have already started. After all, if the taxpayers are providing subsidies, don’t they deserve to have dealerships, lots of dealerships, just down the street? That’s what our Congresscritters seem to think.
Observes Stephen Chapman of the Chicago Tribune:
The Edsel was one of the biggest flops in the history of car making. Introduced with great fanfare by Ford in 1958, it had terrible sales and was junked after only three years. But if Congress had been running Ford, the Edsel would still be on the market.
That became clear last week, when Democrats as well as Republicans expressed horror at the notion that bankrupt companies with plummeting sales would need fewer retail sales outlets. At a Senate Commerce Committee hearing, Chairman Jay Rockefeller, D-W.Va., led the way, asserting, “I honestly don’t believe that companies should be allowed to take taxpayer funds for a bailout and then leave it to local dealers and their customers to fend for themselves.”
Supporters of free markets can be grateful to Rockefeller for showing one more reason government shouldn’t rescue unsuccessful companies. As it happens, taxpayers are less likely to get their money back if the automakers are barred from paring dealerships. Protecting those dealers merely means putting someone else at risk, and that someone has been sleeping in your bed.
The Constitution guarantees West Virginia two senators, and Rockefeller seems to think it also guarantees the state a fixed supply of car sellers. “Chrysler is eliminating 40 percent of its dealerships in my state,” he fumed, “and I have heard that GM will eliminate more than 30 percent.” This development raises the ghastly prospect that “some consumers in West Virginia will have to travel much farther distances to get their cars serviced under warranty.”
Dealers were on hand to join the chorus. “To be arbitrarily closed with no compensation is wasteful and devastating,” said Russell Whatley, owner of a Chrysler outlet in Mineral Wells, Texas.
Lemon socialism mixed with pork barrel politics! Could it get any worse? Don’t ask: after all, this is Washington, D.C.
When Democracy Fails, Let Bureaucracy Manage Your Health Care!
Sen. Jay Rockefeller (D-WV) admits that Congress is not competent to set medical prices and payment systems for America’s seniors:
It’s not pretty; it’s not quality; it’s not American medicine the way it should be.
His solution: give that power to an unaccountable government board.
Awesome, Fearsome, Awesome – Or Maybe Silly
This video is making the rounds because Senator Jay Rockefeller (D-WV) muses in it that perhaps the Internet shouldn’t have been invented.
He immediately grants, “That’s a stupid thing to say” – perhaps for political reasons, or perhaps because he recognizes that the Internet makes us much better off despite every risk it carries and every security flaw in it.
But he goes on to overstate cybersecurity risks excessively, breathlessly, and self-seriously. Not quite to the point of stupid – maybe we can call it “silly.”
The Department of Defense, he says, is “attacked” three million times a day. Well, yeah, but these “attacks” are mostly repetitious use of the same attack, mounted by “script kiddies” – unsophisticated know-nothings who get copies of others’ attacks and run them just to make trouble. The defense against this is to continually foreclose attacks and genres of attack as they develop, the way the human body develops antibodies to germs and viruses.
It’s important work, and it’s not always easy, but securing against attacks is an ongoing, stable practice in network management and a field of ongoing study in computer science. The attacks may continue to come, but it doesn’t really matter when the immunities and failsafes are in place and continuously being updated.
More important than this kind of threat inflation is the policy premise that the Internet should be treated as critical infrastructure because some important things happen on it.
Of cyber attack, Rockefeller says, “It’s an act . . . which can shut this country down. Shut down its electricity system, its banking system, shut down really anything we have to offer. It is an awesome problem.”
Umm, not really. Here’s Cato adjunct scholar Tim Lee, commenting on a report about the Estonian cyber attacks last year:
[S]ome mission-critical activities, including voting and banking, are carried out via the Internet in some places. But to the extent that that’s true, the lesson of the Estonian attacks isn’t that the Internet is “critical infrastructure” on par with electricity and water, but that it’s stupid to build “critical infrastructure” on top of the public Internet. There’s a reason that banks maintain dedicated infrastructure for financial transactions, that the power grid has a dedicated communications infrastructure, and that computer security experts are all but unanimous that Internet voting is a bad idea.
Tim has also noted that the Estonia attacks didn’t reach parliament, ministries, banks, and media – just their Web sites. Calm down, everyone.
But in the debate over raising the bridge or lowering the river, Rockefeller is choosing the policy that most enthuses and involves him: Get critical infrastructure onto the Internet and get the government into the cyber security business.
That’s a recipe for disaster. The right answer is to warn the operators of key infrastructure to keep critical functions off the Internet and let markets and tort law hold them responsible should they fail to stay operational.
I have written elsewhere about maintaining private responsibility for cyber security. My colleague Ben Friedman has written about who owns cyber security and more on the great cyber security freakout.

