Cybersecurity: New Bill Offers a Sound Approach
In today’s Internet driven world, information is just a keystroke away. In innumerable ways, this fact has changed, and will continue to change, our lives for the better. But our dependence on the Internet has downsides too, as criminals and certain state actors seek to exploit our interconnectedness for criminal or political gain. And this threat is growing. Because cyber-attacks threaten our economic and national security, the President and Congressional leaders have made enacting cybersecurity legislation this year a top priority. We agree that carefully crafted cybersecurity legislation can improve the security of our nation. At the same time, this legislation must be narrowly tailored to ensure that innovative efforts to address cyber-threats are not inadvertently thwarted, as well as to ensure that industry continues to have the flexibility it needs to push the technological envelope in a way that maintains America’s world leadership in wireless. Today, wireless carriers take significant steps to protect the integrity of their networks and to safeguard the security and privacy of wireless users. CTIA’s carriers and vendors use cutting edge tools to measure, assess and mitigate cybersecurity risks because customers depend on the security of wireless networks as they integrate wireless broadband technology into their daily lives. Beyond what CTIA’s members do on their own, a number of wireless industry interests participate in numerous public and private sector cybersecurity initiatives. Legislation should recognize – and encourage - the wireless industry’s longstanding partnership with government on national security matters. It is our hope that Congress will build on this collaborative foundation rather than adopt a regulatory approach that is often more adversarial than it is cooperative. Collaboration will empower network engineers and the programmers who have the skill to thwart cyber-attacks. Regulation, conversely, will empower lawyers and compel those charged with keeping cyber-threats at bay with asking “Mother, may I?” before they act. Put simply, a “review and approval” oriented approach is counterproductive in a world where threats and tactics can change so quickly that it would be nearly impossible for government regulations and those charged with administering them to keep up. So if our starting point is “first, do no harm,” what should Congress do? Our lawmakers can help improve cybersecurity by focusing legislative efforts on improving information sharing between government and the private sector, as well as among entities within the private sector. Legislation that removes legal barriers to information sharing, while clarifying issues related to liability and privacy, will help improve security by facilitating the dissemination of real-time information that can help carriers and government identify and defeat cyber-attacks. These safeguards are not only necessary to facilitate the sharing of threat information, but also to ensure that critical cyber-defense information is shielded from disclosure to parties that should not have access to it. As we noted yesterday in a letter Steve Largent co-signed with our friends at the National Cable & Telecommunications Association and the United States Telecom Association, the federal government also has a very important role to play in securing its own networks and systems by updating the Federal Information Security Management Act (FISMA), strengthening criminal penalties for those who commit cybercrime and increasing cybersecurity research and development. CTIA encourages legislation that includes these important elements and enhances information sharing without subjecting the industry to new, unnecessary, and potentially counterproductive regulations. Today’s introduction of the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology (SECURE IT) Act by Senators McCain, Hutchison, Grassley, Chambliss, Murkowski, Coats, Burr and Johnson is consistent with these objectives and provides a blueprint CTIA can support as the Senate begins its discussion about how to enhance America’s cyber-defenses. While the bill would help improve the nation’s cybersecurity capabilities, it also avoids the creation of new regulatory obligations and thereby helps to ensure that America’s wireless industry retains the flexibility and freedom it needs to innovate and continue to be an engine for economic growth.