Laissez-Faire vs Government Intervention

When the government becomes involved with cybersecurity, it’s too late.

Aronetics is a company listed in Ohio like other IT companies. Ohio is a state that is passing legislation to mitigate cybersecurity issues like other states. Legislation as SB 52 and SB 220 in Ohio is a good pivot yet it isn’t enough or it is off track.

There are real and tangible problems with SB 52 and 220.

A few ground rules to review first.

1. Compliance is not security

2. Compliance is not security

3. hackthebox.eu exists, as does

4. root-me.org

5. 0-days will always exist as there is always a new day

6. 220 is misguided and 52 is open for abuse.

Take for example two companies, company A and B. Aronetics helped company B with cybersecurity issues and general technical support in a myriad of methods and ways. Company A declined our proposal and went on their own. Eventually, company A is hacked and seeks damage control from the state (per SB 52) and further protection from creditors (per SB 220). Why is company B paying taxes to help company A from their non-intervention?

Why are taxpayers paying for what is publicly available for a fee or at a highly reduced cost? Hackthebox.eu and root-me.org are good resources to teach. Ohio has created cyber boot camps around the state to teach cybersecurity.

Here are a few issues with SB 220 that was recently passed.

Aronetics knows that compliance is not security yet SB 220 grants favor for small- and medium-sized businesses that are compliant. Notwithstanding that compliance costs much more than a cup of coffee, there is the cost to maintain compliance. Audits and assessments are not a one-time event, it is a plural word with the intent that audits and assessments have to be repeated on a schedule to maintain compliance.

Here are a few issues with SB 52 that is likely to pass.

America was founded on laissez-faire capitalism. Laissez-faire, or “leave-it-alone,” in a translation from French, is a concept allowing private interests to have virtually free rein in operating business. The 18th-century Scottish economist Adam Smith strongly influenced the development of ideas about laissez-faire and, indirectly, the growth of capitalism in America. He argued that the actions of private individuals, motivated by self-interest, worked together for the greater good of society if markets were competitive. SB 52 can completely interfere with laissez-faire capitalism at the micro level much less the macro. Aronetics is not the only information technology consultant in Ohio. We may be one of a few that has roots in security since the early 90s and that is what makes us a unique firm to help your business. SB 52 is opposed by Aronetics because our constituents and clients are small- and medium-size businesses. SB 52 is written to take care of local governments, elections, business, and citizens yet the common news reports that it is solely for local government and election systems. This is simply not accurate. We are a proponent of SB 52 if the text reads local governments and elections. Businesses and citizens of Ohio do not need Ohio Cyber Militia taking care of their hacked computer, phone, nest or any else. The opportunity for abuse is large. If SB 52 is passed by the House and signed by the Governor, we’ll be one of the first to request the Ohio Cyber Militia overlook and look over one of our retired servers with customer data remaining on it.

Is there not a better opportunity for our universities to create a real-world experience rather than having an Ohio Cyber Militia from the Ohio National Guard? Do our numbers in the ONG need to increase?

This is our post, our full writeup and testimony is available on ohiohouse.gov