Cable and phone companies have told Congress that regulatory second-guessing, prescriptive rules or lengthy review and approval processes would be disastrous to industry efforts to respond in real time to cybersecurity threats.
As the House and Senate consider cybersecurity legislation, the heads of the National Cable & Telecommunications Association, CTIA: The Wireless Association and US Telecom Wednesday wrote the leaders of the House and Senate, laying out their priorities for a national approach to cyber defense and providing some must-haves in any cybersecurity legislation.
"We agree with Congress that ensuring the security of cyber space is a national imperative," they wrote, "and we share the goal of promoting a national framework for cybersecurity that enhances our economic and national security posture." But, they said, "essential to that framework is ensuring that critical infrastructure providers retain the freedom to implement all measures available to them to secure their networks and systems."
The letter comes on the eve of the introduction of a Republican-backed cybersecurity billed as an alternative to a Senate Democrat version introduced two weeks ago, the latter which talked about the Department of Homeland Security developing "risk-based" network performance requirements for networks.
The letter points out that when DHS was created, the idea was a rapid response that relied on a strong partnership with the private sector. They suggest the cyber threats remain "undiminished" as should the government's commitment to that private sector partnership.
They also put in a plug for more information sharing between government and industry and protections for that sharing. "Effective cybersecurity detection and deterrence also requires the ongoing sharing of threat information between government and infrastructure providers," they wrote. "Legislation that removes the current legal barriers to information sharing and establishes the appropriate safeguards for the use of such information would greatly improve cybersecurity."
NCTA president Michael Powell, CTIA president Steve Largent, and US Telecom president Walter McCormick outlined the following legislative priorities:
- Rely on government/industry partnership rather than top-down regulations.
- Ensure that providers have the tools they need to detect and respond to cyber threats.
- Recognize that broadband cyber defense efforts should include the full ecosystem.
- Improve the federal government's own cybersecurity posture.
- Promote innovation and investment in cybersecurity.
- Lead consumer education efforts.
The three associations have already come out in favor of a House cybersecurity bill introduced last November by House Intelligence Committee Chairman Mike Rogers (R-Mich.). That bill would immunize the private sector from criminal or civil liability for using cybersecurity systems, sharing information, or not acting on information obtained or shared.