Dear Senators Lieberman, Collins, Carper, and Rockefeller:
The Automation Federation would like to express our appreciation to each one of you for your leadership and commitment to addressing the need to protect our critical information infrastructure and industrial automation and control systems (IACS) from cyber attacks. We support your efforts in proposed legislation to address the challenges our nation faces to deter cyber attacks against our information structure.
Within the national emphasis on industrial infrastructure security, the cyber or electronic security of IACS is critical because of the potentially disastrous impact a compromise would have on human safety and welfare, economic viability and stability, the environment, and the integrity of the overall national infrastructure.
We again emphasize that any proposed cybersecurity legislation should include the security of IACS and the required use of recognized standards that will provide for the security framework of IACS. Present or future federal agencies that will be responsible for the implementation of any cybersecurity legislation should work with organizations that have the expertise in the automation profession to develop a program that will address the development and updating of security standards for IACS.
The Automation Federation looks forward to continuing our work with you and your staff as this important legislation advances in the Senate.
February 14, 2012 – TechAmerica today applauded the introduction of the “Cybersecurity Act of 2012” by Senators Lieberman, Collins, Rockefeller and Feinstein, saying that the legislation provides several important elements for addressing the nation’s cybersecurity, including elevating critical infrastructure protection, fostering better public-private sector information sharing on cyber threats, encouraging international cybercrime coordination and modernizing the Federal Information Security and Management Act (FISMA).
“TechAmerica strongly commends Chairman Lieberman, Ranking Member Collins, Chairman Rockefeller and Chairwoman Feinstein for their tireless leadership in elevating cybersecurity to a top national priority. Today’s introduction is a major step forward towards enhancing our nation’s cybersecurity posture. This bill is a careful and bipartisan approach to a serious national security challenge and provides a comprehensive framework for protecting our most critical infrastructure, without forcing unnecessarily broad mandates on industry,” said Dan Varroney, acting President and CEO of TechAmerica.
“We were pleased to see several areas where the private sector and government can work together to protect the more than 80 percent of our nation’s critical infrastructure owned and operated by the private sector,” added Mr. Varroney. “TechAmerica remains committed to further refinement of the legislation to ensure the private sector has a strong voice at the table. We hope that Congress will follow the tenet of first, do no harm, while being mindful that legislating on a complex technical issue of cybersecurity can have many possible unintended consequences. It is paramount that we preserve industry’s ability to continue to innovate and be flexible to respond to the evolving cyber threat landscape.”
The Cybersecurity Act of 2012 (S.2105) would institute a massive regulatory regime for the internet, under the guise of protecting Americans from cyber attacks from foreign nations.
As The Heritage Foundation notes, “The specter of a crippling attack on critical industries, such as the electrical grid or the financial system, looms in the minds of many.” However, Congress should not rush to pass legislation without fully considering the consequences of the bill to ensure that the legislation does not do more harm than good. The Cybersecurity Act of 2012, commonly referred to as Lieberman-Collins, falls into the “more harm than good” category.
The federal government does not have a good track record of properly regulating industries without causing harm. It is ill-equipped to develop effective cybersecurity regulations, and would instead create a cumbersome regulatory process that would pose an undue burden to the industry. Even though this bill makes adherence to the regulations “voluntary,” the regulatory footprint imposed by this bill would still be too cumbersome and include too many unknowns to adequately protect the industry from an attack without damaging the internet industry itself. Although it is marginally better than a fully mandatory paradigm of regulations, it would leave open the strong possibility of individual agencies making their regulations binding.
In addition to this regime, the bill would freeze innovation and investment as the Department of Homeland Security (DHS) works to develop the new standards for network security. Given how long it takes the government to do anything, this uncertainty could cripple the industry. And none of this takes into account the very real possibility of DHS setting inadequate or dangerously unfocused standards. Instead of imposing a regime that controls every aspect of cybersecurity, the government should cooperate with the private sector. For example, the government could collect and share important threat and vulnerability information, while the private sector innovates and uses the information to protect itself and our nation from risk.
Heritage Action opposes the Cybersecurity Act of 2012 and will include it as a key vote on our scorecard.