Don’t Settle for Less Than a Cybersecurity Law

An excerpt from a Sept. 14 op-ed in The Wall Street Journal by Republican Sens. John McCain, Kay Bailey Hutchison and Saxby Chambliss:

One week after Democrats at their convention in Charlotte, N.C., called for an open Internet that fosters “innovation” and “investment,” the Obama administration is readying plans to tighten the government’s grip. The White House is preparing an executive order on cybersecurity that unilaterally imposes more mandates and regulations on the private economy.

Cybersecurity is a priority, but anything less than a strong information-sharing bill, based on policies that enhance national security and the economy, will fall short. The Senate needs to follow the lead of the House and pass a bipartisan bill that includes clear authority to do so, and provides liability protections to allow the private sector and government to better share cyber-threat information.

American industry faces a growing cyber threat from domestic and, more frequently, global actors. Vital industries such as communications, energy and transportation confront these threats in a number of ways, including by working with the government and its federal network of cybersecurity centers. While these efforts are invaluable, more can be done.

Over the last nine months, Congress has devoted considerable attention to crafting strong cybersecurity legislation. Recognizing the need for consensus, we’ve been working through the summer to resolve fundamental differences between the two primary Senate bills: the SECURE IT Act — which we co-sponsored — and the Cybersecurity Act of 2012. Yet now it appears the administration is set to act on its own.

That’s the wrong solution because it cannot fully address the one area most critical to improving cybersecurity—enhancing the sharing of cyber-threat information among private firms and with the government. This type of information sharing, such as a company informing the government of malicious network activity, provides the government with a clearer view of the threat picture and allows network operators to identify and take steps to prevent attacks.

Related