DHS Sees the Internet As Better Left Alone

No less an agency than the Department of Homeland Security, the poster child for government bureaucracy run amok, has concluded what few other Beltway insiders haveââ?¬â??that the Internet works just fine without government-imposed mandates and requirements, even in such critical areas as security and survivability. DHS reached its conclusions following a General Accountability Office assessment of cybersecurity issues, including the vulnerability of Internet infrastructure to terrorist attack, and whether the government should impose compliance mandates on the industry to reduce or eliminate these vulnerabilities. Even as Congress debates network neutrality, which would prohibit service providers from creating quality of service tiers for Web-based content and applications, the GAO said market forces are doing a much better job managing the way the Internet functions and recommended that DHS not attempt to craft security mandates and directives Larry Downes, a columnist for CIO Insight, sums up the GAO’s recommendations, which cut to the heart of why the Internet is different from the “public utilities” regulatory fans compare it to, and adds his own thoughts.

“The final report, and the subsequent lethargy of the DHS, reflect what is fundamentally a conservative view of government: Don’t get involved until it’s clear the market has failed. To quote again from the final report, ‘Externally, a government role in cybersecurity is warranted in cases where high transaction costs or legal barriers lead to significant coordination problems; cases in which governments operate in the absence of private sector forces; resolution of incentive problems that lead to under provisioning of critical shared resources; and raising awareness.’ “Well, guess what? I agree. For one thing, the Internet is not like other national infrastructures. Unlike highways, the Internet is not built and operated by government entities. Unlike public utilities, such as the electric grid and the water supply, the Internet is not heavily supervised, inspected or controlled by regulators. At its core, the Internet is a private infrastructure, which owes its remarkable success, spread and constantly improving price/performance to the fact that it is in some sense a reflection of ‘market forces’ at their purestââ?¬â??an infrastructure of profoundly low, and always dropping, transaction costs. “Our best defense against a catastrophic loss of Internet access is not a less supine DHS…but the Internet itself. Its decentralized design, full of the kind of checks and balances that make democracies work, is far more capable of withstanding natural disaster or terrorist attack than anything all the agencies and task forces and public/private partnerships in Washington could ever come up with. As the GAO report notes, since the creation of the DHS, the Internet has withstood a Baltimore tunnel fire in 2001 that burned key fiber-optic cables, the destruction caused by Hurricane Katrina, and coordinated attacks from the Code Red and Slammer worms. In all these instances there were local disruptions, but most Internet users weren’t even aware of the damage. And the DHS played no part in the recovery.”