Cybersecurity issues are once again in the forefront on Capitol Hill following the president’s Feb. 12 presidential policy directive and executive order and reintroduction the next day of cybersecurity legislation in the House.
ABA President Laurel G. Bellows called the president’s executive order “a productive first step to address the serious threats posed by foreign nations, criminal syndicates and hackers to our national, corporate and individual security.”
The order, she said, is in line with many of the cybersecurity principles adopted by the ABA last fall. These include engaging stakeholders for public-private cooperation, enhancing the hiring of private-sector subject matter experts, and encouraging the involving of industry-led standards organizations. The order also mandates that protections for private and civil liberties be incorporated into cybersecurity activities based on applicable policies, principles and frameworks. Also established will be a mechanism for intelligence agencies to share more threat information with owners and operators of critical infrastructure, and the expediting of processes for security clearances.
Other commendable provisions, Bellows said, call for development of a cybersecurity framework to reduce cyber risks to critical infrastructure and for guidance that is technology neutral to allow for a competitive market for products and services.
Bellows emphasized that the president’s action begins the process and that “Congress has the opportunity and the legislative responsibility to comprehensively address the gaps and issues that are beyond the authority of an executive order.”
The first major bill reintroduced Feb. 13 is H.R. 624, sponsored by Rep. Mike Rogers (R-Mich.) and C.A. Dutch Ruppersberger (D-Md.), the chairman and ranking member, respectively, of the House Permanent Select Committee on Intelligence.
At a Feb. 14 hearing before the committee, Rogers said his bill, the Cyber Intelligence Sharing and Protection Act, would authorize the government to provide classified cyber threat information to the private sector and knock down barriers for sharing among private sector companies and between private sector companies and the government.
Witnesses at the hearing supported public-private sharing of threat information.
John Engler, president of the Business Roundtable, testified that cybersecurity threats, which he said are “dynamic and ever-evolving” are presenting risks that neither the public nor the private sector can unilaterally protect against. “The public and private sectors should develop and integrate roles and responsibilities that enable us to systematically work together toward the common goal of protecting our information assets,” he said, recommending “robust, two-way information sharing with appropriate legal and private protections….”
Also supporting the legislation was Kenneth W. DeFontes Jr., testifying on behalf of Exelon Corporation, the Edison Electric Institute and the Electric Power Supply Association; and Paul Smocer, of the Financial Services Roundtable.
Additional hearings on cybersecurity issues have been scheduled before the House Oversight and Government Reform Committee, House Science and Technology Committee panels, and the Senate Homeland Security Committee.
Meanwhile, the president also released a strategy for preventing the theft of U.S. trade secrets in light of emerging trends indicating that the pace of economic espionage and trade secret theft against U.S. corporations is accelerating.