Sophisticated cyber attacks are on the rise, most recently targeting federal agencies, media outlets, social networking sites, top corporations and leading financial institutions. According to the U.S. government, China is by far the most significant perpetrator of state-sponsored cyber espionage, but other governments, such as Russia and Iran, are engaged in similar efforts.
Whether carried out by nation-states, hacktivists or criminal organizations, cyber attacks compromise classified information, intellectual property, consumer data and business networks, putting our national and economic security at risk.
We must be prepared with smart and effective policies that protect private-sector investment in innovation and enable companies to prevent, detect and mitigate cyber attacks.
The Obama administration recently issued an executive order on cyber security. While the U.S. Chamber of Commerce opposes the expansion or creation of new regulatory regimes, the executive order contains some promising provisions. It emphasizes the need for public-private partnerships, greater information sharing, and the collaborative development of a cyber security framework and program.
The executive order gives us a chance to see what works and what doesn’t. It gives the administration an opportunity to hear the perspectives and concerns of the private sector as cyber-security policy is developed. The executive order should also be complemented with information-sharing legislation that has the support of the broader business community.
Congress must continue to work on a bipartisan bill that would put timely, reliable and actionable information into the hands of businesses so that they can better protect their systems and assets. In turn, businesses need liability protections when they voluntarily share with the government and industry peers.
Cyber-security legislation should also encourage international cooperation against cyber crime, enhance research and development, reform the Federal Information Security Management Act of 2002, and heighten public awareness and education.
It’s vital that our cyber-security policies don’t create burdensome regulations or new bureaucracies. Existing regulatory models won’t allow us to keep up with the rapidly developing threats in cyber space.
Today’s regulations could be outdated tomorrow, and companies could actually become more vulnerable if they’re operating under security requirements that are obsolete.
Businesses genuinely want partners — not regulators — in the fight against cyber criminals. The key to an effective cyber-security strategy must be collaboration. We all have a stake in the outcome of the debate, so we must work together and ensure that we get it right.
— Tom Donohue is president and CEO of the U.S. Chamber of Commerce. The opinions expressed are his own.