Cybersecurity recs from House GOP, CCIA

October 14, 2011

Cybersecurity has been the national security topic du jour for months.  Earlier this year then CIA Director Leon Pannetta warned of the potential of a “cyber Pearl Harbor”, while in May the Obama Administration released its cybersecurity legislative proposal.  And last week the House GOP’s Cybersecurity Task Force (CTF) released its recommendations.

The Obama Administration and the CTF largely agree on the major issues where federal government action is needed to deal with looming cyber threats. For instance, both agree on the need for reforms of the Computer Fraud and Abuse Act and the Federal Information Security Management Act, both propose that Congress address data breach notification so that requirements for organizations that have been attacked are the same nationwide, and both propose the creation of voluntary information sharing about cyber threats between the public and private sectors.

The areas of disagreement between the two proposals are largely based on (surprise, surprise) the role of the federal government in overseeing and regulating the cybersecurity practices in the private sector.  For example, while both the Administration and the CFT see the federal government (most likely DHS) playing a coordinating role in assisting the development of cybersecurity standards and practices by owners of private critical infrastructure, the Administration’s proposal would allow DHS to step in and override private sector decisions about appropriate risk frameworks where it deems it necessary.

That said, the areas of agreement between the Administration and the CFT are broad enough that we are hopeful that Congress will move quickly on cybersecurity legislation – whether comprehensive or piecemeal.  The CFT has said that its recommendations can be acted upon during this Congress – we encourage the Administration and the Congress to work together to address cybersecurity issues within that time frame.

While the devil is in the details, CCIA favors legislation that will address cybersecurity threats by:

  •  Allowing greater cooperation and information sharing amongst and between the private and public sectors regarding cyber threats; however, private information must be protected, both from inappropriate government and private sector use.
  • Harmonizing existing data breach laws with federal legislation so that sensitive personal data is treated identically regardless of where it is stored – this will allow businesses to standardize their notification practices nationwide and give customers greater peace of mind.
  • Promoting cybersecurity standard setting by cooperation between the public and private sectors and academia.  Standards must be technology neutral so they can evolve over time to deal with new threats and incorporate new technologies.
  • Promoting international cooperation in creating cybersecurity standards
  • Updating existing laws, such as the Computer Fraud and Abuse Act, to appropriately address today’s cyber threats
  •  Incentivizing cybersecurity training and education to develop the next generation of cybersecurity professionals

Related Articles

CCIA, 10 Associations, Groups Warn Senate Judiciary Leaders EARN IT Bill Would Make Internet Less Safe, Weaken Ability To Remove Illegal Content

Feb 9, 2022

Washington – The Senate Judiciary Committee is scheduled to mark up the “Eliminating Abusive and Rampant Neglect of Interactive Technologies” (EARN IT) Act on Thursday, which would weaken the law companies rely upon to address objectionable activity online, commonly referred to as Section 230, in a misdirected effort to combat child sexual abuse material (CSAM)…

Study Offers Reasons Why Government Technology and Procurement Practices Needs to Change

Nov 15, 2021

Washington — A study by market research firm Omdia released Monday explores reasons why most government departments rely on just one vendor for productivity software and why IT departments are choosing to select ease of management and end user familiarity with the tools at the expense of developing a best of breed approach that would…

CCIA Whitepaper Identifies National Security Risks Posed By House Bills Targeting U.S. Tech Companies

Sep 13, 2021

Washington — The Computer & Communications Industry Association has released a white paper on the national security implications of several House-passed bills aimed at a handful of U.S. tech companies as they compete with foreign companies. These bills were introduced in June 2021 and were marked up without legislative hearings or input from stakeholders, particularly…