Sophisticated cyber attacks are on the rise, most recently targeting federal agencies, media outlets, social networking sites, top corporations, and leading financial institutions. According to the U.S. government, China is by far the most significant perpetrator of state-sponsored cyber espionage, but other governments, such as Russia and Iran, are engaged in similar efforts. Whether carried out by nation-states, hacktivists, or criminal organizations, cyber attacks compromise classified information, intellectual property, consumer data, and business networks, putting our national and economic security at risk.
We must be prepared with smart and effective policies that protect private sector investment in innovation and enable companies to prevent, detect, and mitigate cyber attacks.
The administration recently issued an executive order on cybersecurity. While the Chamber opposes the expansion or creation of new regulatory regimes, the executive order contains some promising provisions. It emphasizes the need for public-private partnerships, greater information sharing, and the collaborative development of a cybersecurity framework and program.
The executive order gives us a chance to see what works and what doesn’t. It gives the administration an opportunity to hear the perspectives and concerns of the private sector as cybersecurity policy is developed. The executive order should also be complemented with information-sharing legislation that has the support of the broader business community.
Congress must continue to work on a bipartisan bill that would put timely, reliable, and actionable information into the hands of businesses so that they can better protect their systems and assets. In turn, businesses need liability protections when they voluntarily share with the government and industry peers. Cybersecurity legislation should also encourage international cooperation against cyber crime, enhance research and development, reform the Federal Information Security Management Act of 2002, and heighten public awareness and education.
It’s vital that our cybersecurity policies don’t create burdensome regulations or new bureaucracies. Existing regulatory models won’t allow us to keep up with the rapidly developing threats in cyberspace. Today’s regulations could be outdated tomorrow, and companies could actually become more vulnerable if they’re operating under security requirements that are obsolete.
Businesses genuinely want partners—not regulators—in the fight against cyber criminals. The key to an effective cybersecurity strategy must be collaboration. We all have a stake in the outcome of the debate—so we must work together and ensure that we get it right.