The last Congress adjourned without enacting cybersecurity legislation. That certainly does not send the debate back to square one, because at least one major bill from last year has already been reintroduced in the 112th Congress — the Cybersecurity and Internet Freedom Act of 2011 (S. 413), offered by Sens. Joe Lieberman (I-Conn.), Susan Collins (R-Maine) and Tom Carper (D-Del.). But a break in the action (not to mention a shift of political control in the House) provides an opportunity for reflection and some new strategic thinking about the best path forward.
That’s why the cybersecurity action plan that BSA unveiled this week with a coalition of highly respected and influential partners is so important. The plan — produced by BSA, the Center for Democracy & Technology, the Internet Security Alliance, TechAmerica and the U.S. Chamber of Commerce — shows that consensus is achievable on cybersecurity issues. The plan also has the practical virtue of building on a proven framework for public-private partnership that is already in place and producing tangible results.
The recommendations in the new action plan would fully operationalize the Partnership for Critical Infrastructure Protection, a collaborative arrangement between the public and private sectors that was established in 2006 to bring industry and government resources to the challenge of protecting critical infrastructure. This partnership can already boast an impressive string of achievements, including the development of technology standards and best practices, a National Cyber Incident Response Plan and a series of successful Cyber Storm exercises. The task now is to bring the partnership’s work to full scale — and the action plan released this week describes how.
The plan outlines a seven-part program with specific roles and responsibilities for industry and government. These include risk and incident-management functions, an approach to information sharing and privacy, international engagement, supply chain security practices, research and development, and public education. The Obama administration can do many of these things on its own, but there are also areas — such as updating surveillance laws — where congressional action should be considered.
Congress was unable to finish work last year on broad legislative proposals for cybersecurity. But this new plan from BSA and its partner organizations provides a series of actionable options that we know from experience will produce tangible benefits in the real world.