WASHINGTON—The House Republican Cybersecurity Task Force issued recommendations Wednesday to guide cybersecurity legislation that avoid mandates in favor of incentives to push the private sector to protect customers’ data.
The recommendations echo Republican themes of limiting the size of government and avoiding new business regulations with their focus on offsetting costs and offering incentives for companies to protect their data.
“Cybersecurity poses some of the most serious economic and national security challenges our nation faces,” said task force member Rep. Robert Aderholt, R- Ala. “Additionally, in today’s tight budget environment we must ensure every dollar spent equals security realized.”
The report points out that the critical infrastructure of the U.S. —meaning power, water, communications and anything else people depend on daily—which is largely operated by the private sector, is not adequately protected.
“We have been told that the free market alone may not be able to improve security sufficiently,” the report said, echoing an argument often made by experts that a business might not see enhanced data security as directly benefitting its bottom line.
The report quickly answers that regulation is not the solution to ensuring data security, and it instead suggests tax credits, existing grant funding, voluntary standards incentives (i.e. certifications for companies that meet certain standards) and insurance.
“There’s not too much of a substantial difference between what they advocate and what the Obama administration has been doing,” said cybersecurity expert Allan Friedman of the Center for Technology Innovation at the Brookings Institution, a left-leaning think tank. “This is good. Not revolutionary.”
Some of the ideas also are similar to provisions of a bill approved last month by Democrats in the Senate Judiciary Committee.
The House GOP report pushes for awareness campaigns and information sharing between public and private sectors, while pointing out the needed to protect data privacy in any sharing.
“By strengthening a partnership with the private sector, the federal government can step up cybersecurity protections,” sad Rep Steve Stivers, R-Ohio, “and at the same time raise awareness for all Americans to do our part to protect ourselves and out way of life.”
Friedman said that while the recommendations tread lightly in areas of regulation and spending they “conform to the emerging consensus inside the cybersecurity community that we need to address this through principles of economics and information security.”
The report is aimed to guide legislation in the future, but it also says clearly that the task force wants these recommendations to be acted upon before the next election.