Cybersecurity Bill May Be on the Table Again
Senate Majority Leader Harry Reid “released a statement saying that he plans to bring cybersecurity legislation to the floor again, when this year’s lame-duck session gets underway,” CQ (sub req’d) reported earlier today. The cybersecurity bill takes up the issues of sharing cybersecurity threat information between companies and the government, and critical infrastructure guidelines.
In an attempt to make the bill more acceptable to GOP leaders, they’ve called for the removal of “language that would put the Homeland Security Department in charge of coordinating the sharing of cybersecurity-threat information between companies.” Moreover, “the U.S. Chamber of Commerce is still holding out hope that additional provisions will be added to protect businesses from lawsuits for sharing information.”
The bill currently in the works “would focus on information sharing and would leave other hot issues, such as critical-infrastructure guidelines, for future action.”
Conservatives acknowledge the possibility of cyber attacks and understand the dangers of such an attack. In considering cybersecurity legislation, Heritage’s Paul Rosenzweig has outlined a number of questions that must be answered. For example, what “critical infrastructure is covered?” Some of this is left to the Department of Homeland Security to define, which creates a great deal of uncertainty regarding what industries will fall under this definition.
Rosenzweig questions the government’s expertise for regulating critical infrastructure, and suggests, with good reason, that it should not. For example, most qualified cyber specialists chose to work in more lucrative positions, not for government. Also, he notes:
“The federal government has had more than 60 breaches of its own systems in the past eight years. What makes anyone think they would do better than the private sector, which is already doing a good job and has every incentive to do so?”
CQ adds, “GOP aides involved in the negotiations say it’s naive to think that the bill’s opponents have only recently realized the severity of the cybersecurity threat or that lawmakers would miraculously cast off their policy concerns after Nov. 6.”
The unnamed aides are right, for once. Principled conservatives should remain committed to their principles with regard to cybersecurity legislation. The type of government intervention in cybersecurity that has been proposed to date is fundamentally flawed. Lawmakers could improve information sharing, increase public awareness and education, and increase already established public-private partnerships, according to Rosenzweig, without the heavy-handed top-down approach that has been discussed for months.