A panel of House Republicans charged by Speaker John Boehner (R-Ohio) with crafting recommendations for how the House could go forward in certain areas of cyber security yesterday said that the federal government should limit burdensome regulations and create voluntary incentives that encourage industry to adopt better security practices.
The report, Recommendations of the House Republican Cybersecurity Task Force, recognizes that cyber security is a “major national issue,” that it is a “real and immediate” threat, and that it threatens the nation’s economy and jobs.
The recommendations include, among others, encouraging industry to participate in the creation of voluntary cyber security standards to improve security, extending existing tax credits to investments in cyber security, streamlining information security standards so that if a company is compliant with one standard it would be in compliance with those in other laws, creating liability protections for meeting or exceeding standards, and improving intelligence and information sharing between the government and critical infrastructure.
To improve information sharing and keep the federal government from monitoring private networks, the Task Force suggests creating a new entity that would exist “outside of government” to enable the government to provide inputs on cyber threat signatures that could be used by private networks to block attacks. As with adoption of cyber security standards, participation in this entity would also limit liabilities for private infrastructure, the report says.
The Task Force was led by Rep. Mac Thornberry (R-Texas), who is on both the Armed Services and Intelligence Committees, and consisted of Republican representatives from nine committees that have jurisdiction over various aspects of cyber security.
The report follows a set of White House proposals released in the spring that were sent to Congress to help set forth priorities for cyber security and enable the creation of comprehensive legislation to deal with the dynamic and fast moving threats in cyber space (Defense Daily, May 13).
Thornberry said that this Task Force has differences with the White House proposals, calling the Obama administration’s suggestions “more regulator than is wise,” but added that “there is a lot of room to work together here.” Thornberry mentioned there are plenty of areas of agreement between the House Republicans and the White House, including updating law enforcement, data breach law, reform of the Federal Information Security Management Act, and bolstering personnel authorities so that the federal government can better compete in the labor market for cyber security talent.
The past two years the Senate has been unable to cobble together and approve any type of comprehensive cyber security legislation, which led Senate leaders to seek the proposals from the White House.
The House Republicans say they are “skeptical” of comprehensive legislation on such a complex issue as cyber security, although the report says that separate bills could be packaged together. While acknowledging it will be up to the House Republican leadership on how to proceed with cyber security bills, the report says that the various committees with cyber-related jurisdiction are best able to write their own legislation consistent with the Task Force’s recommendations.
The Task Force says its recommendations can be acted on in the current Congress.
In a statement yesterday, Boehner said “I look forward to working with our committee chairmen and all our members to examine and act on these recommendations in the coming weeks and months.”
The recommendations appeared to be well received by Democrats. Rep. Jim Langevin (D-R.I.), a member of the Armed Services Committee who keeps a keen eye on cyber security issues, said in a statement that the Task Force’s “recognizes some of the key shortcomings in our policies that must be addressed with urgency.” He added that proposals are “strong start.”
However, Langevin said that in certain areas, namely regulation and incentives, more government involvement will be necessary. Langevin has also been a proponent of the creation of a White House czar for cyber security but there is no mention of this in the House recommendations.
In the Senate, Joseph Lieberman (I/D-Conn.), chairman of the Homeland Security and Governmental Affairs Committee, Susan Collins (R-Maine), the ranking member on the panel, and Tom Carper (D-Del.), also a committee member, all welcomed the Task Force’s proposals as a means to get moving quickly on bipartisan cyber security legislation.
“While our approaches differ in a few respects, we share many areas of agreement on how to strengthen our defenses against cyber attacks,” Collins said in a statement. “There must be a collaborative partnership between the public and private sectors. Regulation must be limited to the most critical infrastructure that, if compromised, could cause catastrophic harm to our nation.”
Larry Clinton, who heads the Internet Security Alliance, also welcomed the Task Force recommendations, saying they “will result in immediate and positive improvements in our nation’s cyber security by promoting the adoptions of proven cyber security practices, standards and technologies.”
The report also echoes other themes being put forth by the Obama administration such as increasing cyber awareness, citing suggestions by others that up to 85 percent of the cyber threats could be eliminated through “proper cyber security hygiene.”
The Task Force also encourages Internet Service Providers in the United States to develop a voluntary code whereby they notify their customers if their computers have been compromised and what actions they should take.