Democratic politicians are proposing a novel approach to cybersecurity: fine technology companies $100,000 a day unless they comply with directives imposed by the U.S. Department of Homeland Security.
Legislation introduced this week would allow DHS Secretary Janet Napolitano to levy those and other civil penalties on noncompliant companies that the government deems “critical,” a broad term that could sweep in Web firms, broadband providers, and even software companies and search engines.
Those requirements include presenting “cybersecurity plans” to the agency, which has the power to “approve or disapprove” each of them. DHS “may conduct announced or unannounced audits and inspections” to ensure “compliance.”
Skeptics say it’s not clear that the lawyers and policy analysts who’ll inhabit DHS’ 4.5 million-square-foot headquarters in the southeast corner of the District of Columbia have the expertise to improve the security of servers and networks operated by companies like AT&T, Verizon, Microsoft, and Google. (American companies already spend billions of dollars a year on computer security.)