“NO” ON THE CYBERSECURITY ACT OF 2012

This week the Senate may vote on the Cybersecurity Act of 2012 (S. 3414), which would institute a massive regulatory regime for internet, under the guise of protecting Americans from cyber attacks from foreign nations.

As The Heritage Foundation notes, “The specter of a crippling attack on critical industries, such as the electrical grid or the financial system, looms in the minds of many.” However,  Congress should not rush to pass legislation without fully considering the consequences of the bill to ensure that the legislation does not do more harm than good. The Cybersecurity Act of 2012, commonly referred to as Lieberman-Collins, falls into the “more harm than good” category.

The federal government does not have a good track record of properly regulating industries without causing harm. They are ill-equipped to develop effective cybersecurity regulations, and would instead create a cumbersome regulatory process that would pose an undue burden to the industry. Even though this bill makes adherence to the regulations “voluntary,” the regulatory footprint imposed by this bill would still be too cumbersome and include too many unknowns to adequately protect the industry from an attack without damaging the internet industry itself.  Although it is marginally better than a fully mandatory paradigm of regulations, it would leave open the strong possibility of individual agencies making their regulations binding.

In addition to this regime, the bill would freeze innovation and investment as the Department of Homeland Security (DHS) works to develop the new standards for network security. Given how long it takes the government to do anything, this uncertainty could cripple the industry. And none of this takes into account the very real possibility of DHS setting inadequate or dangerously unfocused standards.  Instead of a government regime controlling every aspect of cybersecurity, it should cooperate with the private sector. For example, the government could collect and share important threat and vulnerability information, while the private sector innovates and uses the information to protect itself and our nation from risk.

Heritage Action opposes the Cybersecurity Act of 2012 and will include it as a key vote on our scorecard.

*** key vote was originally issued July 24, 2012 ***

Related Links:

Heritage Action’s Scorecard

Cybersecurity Act of 2012 is Back, but Same Problems and Questions Remain

Cybersecurity Act of 2012: Revised Cyber Bill Still Has Problems

Heritage: Comparison of Cybersecurity Legislation

The Alarming Trend of Cybersecurity Breaches and Failures in the U.S. Government