THE HILL
 

Commerce officials call on Congress to pass cybersecurity legislation

By Jennifer Martinez - 03/11/13 04:19 PM ET

Commerce Department officials on Monday stressed that Congress needs to pass cybersecurity legislation that incentivizes companies to boost the security of their computer systems and networks, adding that the executive branch cannot grant that power.

"Tax incentives, liability protections— those are things that the president can't wave a magic wand and make happen," said Ari Schwartz, senior policy advisor to the Secretary of Commerce, at a briefing about the executive order hosted by law firm Venable. "Congress needs to pass those things."

The executive order issued by President Obama last month directs the Commerce Department's National Institute of Standards and Technology (NIST) to take up the task of crafting a framework of cybersecurity best practices for critical infrastructure firms to follow. While it spends the next year working with industry to draft that framework, NIST has four months to compose a list of incentives that the executive branch can offer companies in exchange for them taking steps to bolster the security of their networks and systems from hacker attacks. 

However, officials will be limited in the types of incentives they can offer industry, as an executive order cannot grant new powers or authorities the way congressional legislation can. These incentives are intended to entice critical infrastructure firms to join a voluntary program led by the Department of Homeland Security, which was established in the president's cyber order. The companies that participate in this program will follow the cybersecurity best practices and standards crafted by NIST.

At a Senate hearing last week, Homeland Security Secretary Janet Napolitano said the administration is considering offering a "seal of approval" to companies that join the Homeland Security-led program and a "procurement preferences acquisition" process as possible incentives.

The officials also acknowledged that it will be "a challenge" to put together a cybersecurity framework over the next eight months that can apply across various sectors of U.S. critical infrastructure—such as water systems, electric companies and banking systems—and businesses that vary in size. They also repeated the administration's call for industry to help with the implementation of the order.

"The NIST process will not work if we don't have help from industry," said Adam Sedgewick, senior Internet policy advisor at NIST. "It will not be a successful framework if we don't get that kind of participation." 

Administration officials have said repeatedly in public remarks that the president's executive order is only a "downpayment" on cybersecurity legislation that must be passed in Congress. White House Press Secretary Jay Carney told reporters at a Monday press briefing that the president will speak to lawmakers about the need "to take action on cybersecurity" when he meets with Democrats and Republicans in both chambers this week.

The Senate has committed to returning to work on cybersecurity legislation this year, but has yet to craft a bill. In the lower chamber, the House Intelligence Committee leaders have put forward a bill that will, in part, offer liability protection to businesses if they share information about cyber threats they spot on their computer systems and networks with the government. It will also shield companies that share information with the government from antitrust cases and freedom of information requests.

The existing cybersecurity regulations in the energy sector will likely serve as a "model" for the best practices that NIST is crafting, according to Brian Zimmet, a partner at Venable.

Zimmet noted that some critical infrastructure firms may run into issues when it comes to complying with new cybersecurity regulations because their IT professionals did not design their businesses' computer networks with that goal in mind.

"These IT networks, these computer networks were designed not…with an eye towards meeting any regulatory standards, but with an eye towards making the system work and making the company's operations as smooth as possible," he said.

With the release of the executive order, Zimmet advised companies to start thinking about how they manage access to their networks and how they can list which people have access to them, among other computer security issues.

He also warned that critical infrastructure firms may run into problems if they don't comply with new government cybersecurity standards. For example, Zimmet said it may be difficult in the long term for companies to secure cybersecurity insurance if they do not comply with new government standards.


Source:
http://thehill.com/blogs/hillicon-valley/technology/287423-commerce-officials-call-on-congress-to-pass-cybersecurity-legislation