Industry opposes federal role in private cybersecurity

"There is concern however that new policy initiatives may consider replacing the current model with an alternate system more reliant on government mandates directed at the private sector," the report stated.

"This change of direction would both undermine the progress that has been made and hinder efforts to achieve lasting success," it said.

The report did not specify a particular bill, but there are several attempts at comprehensive cybersecurity legislation currently before Congress. The two with the most traction appear to be bipartisan efforts from the Senate Commerce and Homeland Security committees.

ADVERTISEMENT

The latter bill has drawn headlines because of a provision in an earlier version that included what some critics have labelled a "kill switch" for the Internet.

The bill's sponsors, Sens. Joe Lieberman (I-Conn.), Susan CollinsSusan Margaret CollinsOvernight Defense: Erdoğan gets earful from GOP senators | Amazon to challenge Pentagon cloud contract decision in court | Lawmakers under pressure to pass benefits fix for military families Senate confirms controversial circuit court nominee Lawmakers under pressure to pass benefits fix for military families MORE (R-Maine), and Thomas Carper (D-Del.), last month inserted a provision expressly prohibiting the government from shutting down the Internet.

Both bills would give the executive branch the authority to mandate standards for private sector networks deemed part of the nation's critical infrastructure.

Senate Majority Leader Harry ReidHarry Mason ReidThe Memo: Democrats confront prospect of long primary Bottom Line Lobbying world MORE (D-Nev.) has been unable to settle a standoff over which Committee should have oversight of civilian cybersecurity.

The report argues that cost and complexity are the main factors preventing private firms from investing in adequate cybersecurity measures, making incentives for voluntary adoption more effective than mandating companies comply with federal standards.

"The [public-private] partnership leaves network monitoring responsibilities for private networks where they belong – with the private sector operators – rather than having governmental agencies monitor those networks," the report said. 

The groups also said that concern over the government's ability to shut down portions of the private sector network would be better addressed by making any cybersecurity efforts voluntary.

"This also promotes transparency so that civil liberties issues that may arise can be more publicly addressed."