Mobile and cloud computing raise a host of issues not explicitly addressed by cybersecurity proposals.
While Congress and the Administration continue to debate how to tackle critical infrastructure protection and information sharing in legislation and potential executive orders, other areas demanding cybersecurity continue to grow. These areas are not necessarily specifically addressed in the existing proposed legislation or regulatory action but are ones with which technical experts, government agencies and independent users are increasingly grappling. In particular, one area to watch is the mobile space.
The federal government, along with a growing number of companies, is trying to figure out how to deal with the increasing number of smartphones, tablets, and laptops that are penetrating the workspace. Efforts to allow users to bring their own devices have resulted in new policies and positions on how to merge users' home life (and potential app use) with their work environment.
Is this an area in need of legislative action? It is unclear, though it is clear that secure mobility is integral to both cybersecurity and efforts to increase broadband use for public safety. In addition to employers and end users, service providers are increasingly finding themselves having to guarantee the integrity, confidentiality, and attribution of all data on the network. Some may argue that existing legislative and regulatory actions may cover this with their interest in putting together safeguards, guidelines and "standards" for critical infrastructure, but it is unclear.
How can entities safeguard individual devices to not provide an entry point for cyber attacks in an increasingly open and merged network space? It is one thing to discuss protecting the networks that run the electric grid. It is another to discuss protecting voice, video, and data streams for intelligence, military, public safety, and various private sector communities, which must be protected to safeguard users of these networks.
As mobile computing and cloud computing (another area that is barely touched by the legislation) become more prominent, it would not be surprising to see policymakers turning their attention away from critical infrastructure and information sharing to a more holistic approach that tackles these emerging issues. What that approach will look like, however, is unknown.