Cybersecurity: Government Regulations Can’t Keep Up

May 10, 2013

Sarah Friesen

For the first time since 2005, the U.S. National Institute of Standards and Technology (NIST) has revised the federal cybersecurity standards. Since the last update, flash memory, Wi-Fi, smartphones, microchips, and social media have burst onto the scene.

Why did NIST not update the federal cybersecurity standards much sooner? Because regulation moves about as quickly as cold molasses. Writing regulations takes 24–36 months, while the processing power of computers doubles every 18–24 months. This means that by the time a regulation is implemented, it’s already outdated.

Nonetheless, the current cybersecurity regime in D.C. is regulation-heavy. On February 14, President Obama issued an executive order (EO) on cybersecurity that, although it took some steps to promote information sharing, mandated a new set of regulations—which NIST was put in charge of.