TIA cautions against cybersecurity mandates

Lieberman and four other co-sponsors introduced a revised version of his bill last week that softened provisions dealing with critical infrastructure. It proposed to establish a program where companies operating critical infrastructure could certify that their computer systems meet certain cybersecurity standards in exchange for incentives. The changes were made to mollify concerns voiced by Republicans and business groups about the bill being too regulatory.

The five co-sponsors are hosting a press conference on Tuesday afternoon to describe the changes made to the latest version of the cybersecurity bill.

Danielle Coffey, TIA's vice president for government affairs, said the trade group is still reviewing the latest version of Lieberman's bill but noted it made "real progress" from the original one introduced earlier this year. However, she added TIA is still weighing whether the critical infrastructure provisions are "truly voluntary measures."

"If it's benchmarks and goal posts they want us to reach, and [also create] a structure where regulations may or may not be imposed, that leaves a lot open for the government to come up with regulations and mandates in the future, even if it's not the intention of this Congress to impose them right now," said Coffey.

In the white paper, TIA argues that improving information sharing about cyberthreats between the government and industry would help critical infrastructure operators immediately address bad code or other malicious threats spotted on their computer systems. The white paper noted that information sharing needs to happen in real time and also voiced support for the House's Cyber Intelligence Sharing and Protection Act.

Lieberman, Sen. Susan Collins (R-Maine) and the other sponsors of the cybersecurity bill have argued over the past year that information sharing isn't enough to combat the growing cyberthreat the nation faces, and that standards for critical infrastructure also need to be a part of the legislative solution. The senators have pointed to statements made by Gen. Keith Alexander, head of U.S. Cyber Command, and former National Security Agency Director Michael Hayden about how legislation should include some sort of cybersecurity standards for critical infrastructure in addition to information sharing measures.

Among the six policy recommendations listed in the report, TIA argues for increased funding for cybersecurity research and development and support of industry-developed cybersecurity best practices. It also warns against the introduction of supply chain rules that would restrict telecommunications equipment from being imported into the United States, noting that the nation's "global economic competitiveness could be severely affected by other export markets adopting similar restrictive policies."

TIA's member companies include Qualcomm, Raytheon, Apple and Cisco.