The January 6, 2014 final installment of CQ Homeland Security's (subscription required) “Experts Weigh In” feature asked DC Partner Clark Kent Ervin and Senior Policy Advisor Norma Krayem the following question regarding Congress’ next action on cybersecurity:
“This year saw two federal cybersecurity milestones, with President Obama issuing an executive order and the National Institute of Standards and Technology putting out its draft cyber framework. What should Congress’ next action be on cybersecurity?”
The CQ series brings homeland security experts in the public, private and academic sectors to weigh in on the lessons of 2013 and what’s in store for the country in 2014.
Mr. Ervin responded with the following:
Given the gravity of the threat that cyber threats pose to the nation, Congress should make a priority of passing a bill that incentivizes industry to share information about cyber-threats and cyber breaches in exchange for liability protection.
Ms. Krayem offered the following comments:
The Congress has been thoughtful about wanting to see how the EO process worked itself out, yet the EO did not address key issues that are still a concern to industry and our nation — increased information sharing and liability protections; cybercrime issues; streamlining the overlapping state data security laws, supply chain issues; real FISMA reform etc. While they may debate whether cyber legislation is needed to specifically push critical infrastructure to do more, there are a host of appropriate actions that could be taken on a bipartisan approach to address key cyber concerns in the short term.