Apr 22, 2015

Cybersecurity for the 21st Century

For years, we’ve known that so much of our digital world is unsecure and new policies are needed to help defend against cyberattacks. Hacks of Anthem, Sony Pictures, and Target are only the most recent and high profile examples of this growing threat.

There have been calls for action on cybersecurity across the country:

  • A torrent of cyberattacks—disruption, espionage, theft—is costing U.S. business and government billions of dollars. … For several years, it has been clear to many in government and the private sector that the nation needs to vastly improve protection of its private networks and that only government has the sophisticated tools to do that.” (Washington Post, 7/13/14)
  • “Cybersecurity is a top national priority because of the incessant attacks on computer networks and stored data by hackers around the world, many under the auspices of foreign governments. … Congress needs to resolve those differences and move ahead on legislation to improve the country’s cyberdefenses, rather than having Obama try to solve the problem one executive order at a time.” (Los Angeles Times, 4/5/15)
  • “When it comes to digital security, the government—to put it mildly—can no longer take the country’s trust for granted. A systematic assault on cybercrime is necessary, but the policy must have safeguards and oversight built in from the start, not tacked on as afterthoughts.” (Bloomberg View, 2/3/15)
  • “As a nation that relies on computer systems for everything from power grids and communications to health care, banking and high finance, not to mention military and national defense systems, how vulnerable are we?” (U-T San Diego, 12/26/14)
  • “Congress would be well advised to focus early on [cybersecurity]. The private sector remains unprepared for the kind of massive botnet assaults being aimed at the banks. The U.S. government can offer an important line of defense. Congress ought to lay down a foundation for this cooperation in new legislation, and without delay.” (Washington Post, 1/23/13)
  • “Something of this magnitude needs clear, high-level talks. Considering the obvious national security threats, it’s essential the federal government and private businesses to work in concert to protect corporate networks and the sensitive data they contain.” (Poughkeepsie Journal, 12/26/14)

One of the biggest reasons we need cybersecurity legislation is because, as Eddie Schwartz, chair of the Information Systems Audit and Control Association’s (ISACA) Cybersecurity Task Force, said,

“Most of the existing regulations [governing cybersecurity] were based on issues surrounding telephones or antiquated systems of communication that are from 20 to 30 years ago. Regulations that were made in pre-cellphone times cannot be expected to handle today’s sophisticated threats and challenges. They haven’t kept pace with the forms of digital communications we have today or the diverse threat environment that we are facing—and they badly need to catch up.”

The House has been leading on this issue for years, bringing our digital defenses to the 21st century by strengthening cybersecurity and fostering greater information sharing. Unfortunately, many of these bills died in the Democrat-controlled Senate.

As Majority Leader McCarthy told House members earlier this month,

“Cyber-attacks and cyber espionage represent increasingly dangerous and consequential threats facing the United States…. The House Republican majority has led the way on cybersecurity for years, only to see common-sense legislative solutions get stuck in Harry Reid’s Senate. With recent high profile data breaches, the White House and Senate Democrats are finally getting on board with much of what the House has already called for—giving us opportunities to work with our partners across the aisle on strong, bipartisan legislation.”

Determined to protect the American people from future cyberattacks, the House will consider two more bipartisan cybersecurity bills this week that balance security with privacy protections and may finally become law:

  • The Protecting Cyber Networks Act (H.R. 1560) promotes responsible information sharing about cyberthreats while protecting personal information. The bill provides liability protections to companies that share information in a responsible manner, but demands that all personal information be redacted before it is shared.
  • The National Cybersecurity Protection Advancement Act (H.R. 1731) creates a hub for cybersecurity threat information in the Department of Homeland Security to facilitate companies sharing information so that others can prevent and respond to cyber attacks.

After years of inaction, the White House is now joining the House on this issue, signaling that we may finally get the legislation we need signed into law.