Rockefeller Stumps for His Cybersecurity BillSenate Commerce Chair Sees Gov-Biz Partnership Securing IT
It's been more than a month since the bill, the Cybersecurity Act of 2010, won the unanimous approval of the Senate Commerce, Science and Transportation Committee that the Democrat chairs, and he made a case for the measure and a public-private partnership to protect the nation's key IT assets before the Business Software Alliance, a trade group, in Washington.
The Rockefeller-Snowe bill, S. 773, is one of a half-dozen major IT security measures before Congress. The odds grow that any significant cybersecurity bill will become law this year as the November election draws closer as nearly a third of the senators and most House members focus on getting reelected.
In pitching his bill, Rockefeller said in his prepared remarks that government won't dictate to business how to secure private-sector IT. "Let me be very clear: when it comes to cybersecurity, the familiar regulation versus leave-it-to-the-market debate that always dominates discussions between the government and the private sector is a dangerous false choice. The government cannot do this on its own and neither can the private sector. This has been demonstrated and proven."
He later expanded on that point: "We all recognize that traditional regulation will not work because a bureaucracy simply cannot keep up with the necessary pace of innovation. Likewise, it should be clear that leaving our security solely to the market is a failing strategy. Neither approach can combat the threats we face alone."
Rockefeller said that cyber threats are real, and they can cause significant damage to the nation's economy. "There is just too much at stake for us to pretend that today's outdated cybersecurity policies are up to the task of protecting our nation and our economy," he said. "Our system must improve. Our security, both national and economic, depends on it. We cannot wait for a crisis to occur. If we were to drag our feet and God forbid, a terrible disaster took place, I fear the public's impulse and the government's response might be to impose tough, unbending solutions."
Rockefeller said his bill would develop a cybersecurity strategy and identify key roles and responsibilities of all the players, private and public, who will respond in a time of crisis. The bill would codify a Senate-confirmed national cybersecurity adviser who would report directly to the president and coordinate the government's cybersecurity efforts and work with the private sector. The measure would oblige the government to develop emergency response plans and hold rehearsals to clarify the roles, responsibilities and authorities in a cyber emergency.
It also would require the government to share threat and vulnerability information with the private sector. "Now is the time to give the private sector the tools it needs to collaborate with the government to address this monumental challenge," he said.
Protecting IT requires a partnership, he said: "We can do far better by acting now, and by acting together."