The coalition's approach has its critics. As reported in E-Commerce News, the Center for Strategic and International Studies (CSIS) has called for increased federal regulation for cybersecurity:
The current approach is flawed, says CSIS, because it "assumes incorrectly" that private entities will share adequate amounts of information despite liability, antitrust and business competition risks. The existing system underestimates the difficulty of sharing classified information with the private sector and simply assumes that if all parties had adequate information about threats, they would take action.
CSIS urges adoption of a broader regulatory system.
While any mandates should not be overly burdensome, CSIS argues that the deficiencies in current controls stem from the lack of a comprehensive regulatory framework.
However, ISA president Larry Clinton is quoted in E-Commerce News as saying that the tools are currently there to address the majority of cybersecurity attacks. "The national policy needs to recognize the difference between public sector and private sector goals and provide financial incentives for the commercial sector for implementing cybersecurity measures that aren't directly beneficial to a business goal," Clinton said in the article. The report provides suggestions of incentives for tech sector businesses.
The report also provides recommendations on risk management, incident management, information sharing and privacy, international engagement, supply chain security, innovation and research and development, and education and awareness.