Walden Mulls Cybersecurity Incentives for Private Sector
The House Communications Subcommittee is developing a cybersecurity bill, Chairman Greg Walden, R-Ore., said Wednesday. After a hearing Wednesday about threats to communications networks, Walden said he’s considering legislation that would provide incentives for the private sector to improve their cyber defenses. “We cannot legislatively through mandates ever get ahead of those who seek to do us harm,” Walden said. But Congress can set up an “incentives-based system that helps [the] private sector … to innovate and not only keep up but get ahead,” he said.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
The bill could be passed after Congress finishes other cybersecurity legislation, Walden said. He declined to give a timeframe for his bill. It’s important to move rapidly to combat cyber threats, but Walden doesn’t want to rush, because “we want to get it right, too,” he said. The cybersecurity bill (HR-3523) by House Intelligence Committee Chairman Mike Rogers, R-Mich., may be ready to move right away since it has broad support from both parties, Walden said. But the Communications Subcommittee chairman still wants to “dive deeper” into remaining areas where his subcommittee has jurisdiction, he said. Congress can act on cybersecurity “in pieces,” Walden said. “I don’t want to get bogged down in a giant bill."
Walden is “concerned that our communications networks are under siege,” he said during the hearing. “I am worried that the devices consumers use to access those networks are vulnerable. I am concerned that our process for looking at communications supply chain issues lacks coordination. I am also concerned that our cyber defenses are not keeping pace with the cyber threats.” Small businesses confront “a dizzying array of threats online from the Zeus Trojan horse to Stuxnet, from lulzsec to botnets,” Walden said. “Unless our cyber defenses hold, a bad actor could drain the bank account of a business, crash an online company’s website or launch a barrage of cyber attacks on a company’s network.”
Action is needed, agreed subcommittee Ranking Member Anna Eshoo, D-Calif., urging more education and training, followed by improved information sharing between industry and government. Eshoo praised the cybersecurity bill by Rogers. Meanwhile, Rep. Ed Markey, D-Mass., urged passage of his electric grid cybersecurity bill with Commerce Committee Chairman Fred Upton, R-Mich., the Grid Reliability and Infrastructure Defense Act.
"No one is more connected than the United States,” and therefore “we are at more risk” than other nations to cyber attacks, said Rogers, who also is on the subcommittee. The only “silver bullet” stopping attacks would be to disconnect a computer from the network and use it as a paper weight, said Rep. Lee Terry, R-Neb. That’s not an answer given the importance of Internet commerce, he said.
Mandates alone won’t improve cybersecurity, several witnesses said. A mix of regulations, tax breaks, subsidies for research and coordination would provide industry with the right incentives, said James Lewis of the Center for Strategic and International Studies. “The big telecom companies are pretty good at securing themselves and don’t need more regulation,” Lewis said. Australia has done well by providing a “voluntary code of conduct,” he said. Internet Security Alliance President Larry Clinton said the “notion that all we need is a set of federal regulations is vastly oversimplified, and potentially dangerous.” He said regulations alone would be like “mandating thicker armor” after the invention of guns. Incentives should be catered individually for each industry, Clinton said.
The FCC should take an active role in cybersecurity on the commercial networks, Lewis said. The role of ISPs in keeping the nation secure is growing in importance, Lewis said. “The FCC needs to own that infrastructure,” he said.
The U.S. must move rapidly to bolster defenses to cyber attacks, witnesses said. “The threat is real, the vulnerabilities are extensive and the time for action is now,” said Robert Dix, vice president at Juniper Networks. The nation’s adversaries are “always looking” for ways to get around U.S. cyber defenses, said McAfee Chief Technology Officer Phyllis Schneck. Entrust CEO Bill Connor added, “They're not waiting for us to legislate.”