Industry opposes federal role in private cybersecurity

"There is concern however that new policy initiatives may consider replacing the current model with an alternate system more reliant on government mandates directed at the private sector," the report stated.

"This change of direction would both undermine the progress that has been made and hinder efforts to achieve lasting success," it said.

The report did not specify a particular bill, but there are several attempts at comprehensive cybersecurity legislation currently before Congress. The two with the most traction appear to be bipartisan efforts from the Senate Commerce and Homeland Security committees.

The latter bill has drawn headlines because of a provision in an earlier version that included what some critics have labelled a "kill switch" for the Internet.

The bill's sponsors, Sens. Joe Lieberman (I-Conn.), Susan CollinsSusan Margaret CollinsOvernight Energy: Perry to step down as Energy secretary | Future of big-game hunting council up in the air | Dems lose vote against EPA power plant rule Overnight Defense — Presented by Boeing — Pence says Turkey agrees to ceasefire | Senators vow to move forward with Turkey sanctions | Mulvaney walks back comments tying Ukraine aid to 2016 probe On The Money: Senate fails to override Trump veto over border emergency | Trump resort to host G-7 next year | Senators to push Turkey sanctions despite ceasefire | McConnell tees up funding votes MORE (R-Maine), and Thomas Carper (D-Del.), last month inserted a provision expressly prohibiting the government from shutting down the Internet.

Both bills would give the executive branch the authority to mandate standards for private sector networks deemed part of the nation's critical infrastructure.

Senate Majority Leader Harry ReidHarry Mason ReidTrump thanks Reid for warning Democrats not to underestimate him Reid warns Democrats not to underestimate Trump Harry Reid predicts Trump, unlike Clinton, won't become more popular because of impeachment MORE (D-Nev.) has been unable to settle a standoff over which Committee should have oversight of civilian cybersecurity.

The report argues that cost and complexity are the main factors preventing private firms from investing in adequate cybersecurity measures, making incentives for voluntary adoption more effective than mandating companies comply with federal standards.

"The [public-private] partnership leaves network monitoring responsibilities for private networks where they belong – with the private sector operators – rather than having governmental agencies monitor those networks," the report said. 

The groups also said that concern over the government's ability to shut down portions of the private sector network would be better addressed by making any cybersecurity efforts voluntary.

"This also promotes transparency so that civil liberties issues that may arise can be more publicly addressed."