The Obama administration may have issued a framework to help protect companies from cyberattacks, but that doesn’t mean that the issue is off of Congress’s plate.
In fact, top tech officials said on Wednesday that the effort out of the Commerce Department could help spur new legislation to protect computer networks.
“My hope is that because of this framework, it creates a motivating force and an action–forcing event to get Congress to take on the elements of this that still require public policy,” said Dean Garfield, head of the Information Technology Industry Council, at an even at the Brookings Institution.
Last week, the administration released a 39-page voluntary cybersecurity guidance to help companies protect their systems from cyber threats. President Obama called for the guidance in an executive order released after legislation stalled in Congress.
The guidance is not binding, and some critics have been concerned that there are not enough incentives for companies to hop onboard.
Patrick Gallagher, the head of the Commerce Department's institute behind the guidance, said Congress could be able to help incentivize companies that might not otherwise have an interest in protecting their systems.
“This is a clear national need. We think it’s also in your business interest as organizations that run elements of critical infrastructure to protect these assets,” he said.
“We may find areas where there’s misalignment, where business interests aren’t quite aligned … That’s going to be the place where Congress needs to help us pay attention.”
Lawmakers could also get involved to help companies and the government share information and simplify a “mish-mash” of state regulations, said Garfield and Cameron Kerry, who served as acting Commerce secretary for a month last summer.
But that action might not be coming any time soon.
“Given the legislative calendar, I think it’s highly unlikely anything meaningful will occur in this Congress,” Garfield said, “but I do think there is a sense of interest in finding a solution.”