Regulation vs Innovation

  1. Challenges Policy Makers face to Counter Cybercrime
  2. Cybercrime vs Traditional Crime
  3. Risks, Threats and Vulnerabilities
  4. Security Policies
  5. Cost and Challenges with E-Government
  6. Cultural Values and Moral Legitimacy
  7. One audit standard fits all?
  8. Mobile Security
  9. Will the Mandiant Report Raise Public Awareness?
  10. Ethical vs Non-Ethical Hackers
  11. Motivation and Intent of Hackers
  12. Hacking as an Addiction
  13. Online Anonymity: Good or Bad?
  14. Identity Theft and Inexperienced Internet Users
  15. Regulation vs Innovation
  16. 3D Printing, Copyright and Legal Matters
  17. Software Piracy on an International Scale
  18. Workplace Monitoring and Blocking Software

One of the ongoing discussions in the United States focuses on the need for regulation versus the need to free business from restrictive laws that would hinder innovation.  There are many sources that provide strong arguments for both sides.  You only have to look as far as the current state of patent regulations and recent lawsuits involving tech giants Samsung and Apple to see the impact these laws make within the industry.  Many argue, for example, that the patent laws within the United States are too restrictive and stifle innovation.  What about cybersecurity regulations though?  Are there regulations in this domain that hinder business’ ability to innovate?

In the last decade, several new laws have been created in order to defend against cyber-attacks, however in many occasions these have been insufficient to deal with the real international threats facing both individuals and corporations.  President Obama concluded in his State of the Union address that “we cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”  Flaherty (2013).  Currently, the most comprehensive law is the Federal Information Security Act (FISMA), which was put in place to require “all government agencies to develop security management systems.”  Vacca (2010).  This applies only to federal agencies, and while private businesses can adopt parts of this to improve their own security, this law does not regulate the private sector.  In 2012, the Cybersecurity Act failed to pass and this legislation and this law only set out to include voluntary measures.

Some industry specific regulations exist that, while cybersecurity initiatives were not their primary objective, certain standards have been mandated.  The Gramm Leach Bliley Act, which was originally enacted to eliminate legal barriers between financial institutions, also provided new rules for financial privacy (Janger & Schwartz, 2002).  These rules serve to combat against cybersecurity vulnerabilities and institutions are accountable to these measures.  On the whole however, it can be argued in light of cyber security specific regulations, there currently is little that would hinder business’ ability to innovate.  On the other hand, however, much needs to be done in terms of strengthening cybersecurity laws and regulation within the United States.


  1. Flaherty, A. (2013).  State of the Union: Obama’s Cybersecurity Plan.  Time Tech.  Retrieved from:
  2. Janger, E., J., & Schwartz, P., M. (2002). The Gramm-Leach-Bliley Act, information privacy, and the limits of default rules.  Retrieved from
  3. Vacca, J. (2009). Computer and Information Security Handbook. Burlington, MA: Morgan Kaufmann Publications.

Image Credits: Photo by Isis França on Unsplash.

More Similar Posts