Board action taken because of urgency of issue
The ABA Board of Governors approved a policy this month on cybersecurity comprised of five principles that the association is urging the executive and legislative branches to consider when making policy determinations for improving cybersecurity for the U.S. public and private sectors.
- Principle 1: Public–private frameworks are essential to successfully protect U.S. assets, infrastructure, and economic interests from cybersecurity attacks.
- Principle 2: Robust information sharing and collaboration between government agencies and private industry are necessary to manage global cyber risks.
- Principle 3: Legal and policy environments must be modernized to stay ahead of or, at a minimum, keep pace with technological advancements.
- Principle 4: Privacy and civil liberties must remain a priority when developing cybersecurity law and policy.
- Principle 5: Training, education, and workforce development of government and corporate senior leadership, technical operators, and lawyers require adequate investment and resourcing in cybersecurity to be successful.
“Growing cybersecurity attacks against U.S. public and private sector entities threaten the delivery of essential citizen services, security of corporate date, including intellectual property and trade secrets, U.S. government assets and data, and personally identifiable information about citizens,” according to the report accompanying the principles.
The resolution was brought to the board by the ABA Cybersecurity Legal Task Force, a group established by ABA President Laurel G. Bellows to help identify and address cybersecurity and cyber-espionage challenges and to consider potential cybersecurity threats and national plans to confront them, including a legal framework for addressing cybersecurity. The board is authorized to act on policy proposals between meetings of the House of Delegates if a matter requires immediate consideration.
The board adopted the five principles as Congress is weighing cybersecurity legislation and President Obama is contemplating an executive order on the issue if Congress does not act. On Nov. 14, the Senate failed to garner the 60 votes needed to proceed to consideration of the Cybersecurity Act of 2012 (S. 3414), a comprehensive bill addressing cybersecurity issues related to critical infrastructures in the United States. This was the Senate’s second attempt to bring the legislation to the Senate floor for a vote. The bill would provide, among other things, for development of private sector cybersecurity practices and encourage voluntary adoption by companies involved in critical infrastructure.
The Congressional Research Service identified more than 40 bills and resolutions introduced during the 112th Congress that include cybersecurity provisions. It now appears that none will become law this year.