A House GOP task force called on Congress this week to adopt voluntary incentives – rather than federal requirements – to get private companies to further develop their cyber security.
The GOP proposes a combination of tax credits, grants, insurance and rules set by non-regulatory agencies as a way to improve the cyber security practices of private sector firms. In many ways the legislative goals of the GOP mirror those stressed by the Obama administration earlier this year. Both warn that threats like cyber warfare, hacktivism, organized cyber crime and threats to critical infrastructure like Stuxnet.
The task force, which was initiated in June by Speaker of the House John Boehner, R-Ohio, and House Majority Leader Eric Cantor, R-Va., stopped short of advocating any sort of sweeping regulation however. Instead, the group encouraged Congress to better target and focus some forms of cybersecurity regulation, including that done on power and chemical plants and water treatment facilities.
“Congress should consider carefully targeted directives for limited regulation of particular critical infrastructures to advance the protection of cyber security at these facilities using existing regulators,” the report said.
The agenda also calls for the review of two laws, the Federal Information Security Management Act (FISMA) of 2002 and the Computer Fraud and Abuse Act (CFAA) of 1986. FISMA, which regulates how the government develops information security programs, was deemed ineffective could benefit from a revamp that relies on automated monitoring of IT systems. The CFAA, which controls how unauthorized computers are used by the government, could also use an update, the GOP report claims. The task force claimed some of the act’s wording has been misinterpreted over the years and that the act’s current definition of “protected computers” is too narrow.
President Obama’s administration rolled out its cybersecurity strategy in May, making certain the country had the need for a secure and reliable Internet. The announcement came shortly after the White House advocated the proposal of a new federal data breach notification law that would require businesses to notify customers if their sensitive data has been exposed following a data breach.