Andrea Castillo, program manager in the Technology Policy Program at George Mason University s Mercatus Center, argues against such a mandate.
Indeed, state requirements vary in 47 states, and federal rules are inconsistent across sectors and lack specificity.
The Cybersecurity Act signed into law in December, as part of a broader spending bill, creates a framework for voluntary sharing of cyberthreat information.
This is a significant step, but it, too, doesn't go far enough.
The government should first focus on correcting policy missteps from the past.
It should promote the use of strong encryption and reform counterproductive laws like the Computer Fraud and Abuse Act that chill security research.