A House GOP task force called for industry-friendly cybersecurity incentives in a new report released on Wednesday, but stopped short of recommending significant new regulations or federal reorganization.
“Change occurs so fast in this area that attempts to directly regulate a specific cybersecurity solution will be outdated by the time it is written,” the House Republican Cybersecurity Task Force concluded in its report to House leaders.
In June, Speaker of the House John Boehner, R-Ohio, and House Majority Leader Eric Cantor, R-Va., formally created the task force, composed of representatives of nine committees with jurisdiction over cyber issues. The panel recommended reforming a range of current laws, including the 2002 Federal Information Security Management Act, which governs government security programs.
The Governmental Accountability Office reported this week that the 24 major federal agencies have yet to fully implement information security programs.To help fix that, the task force called for FISMA to focus more on continuous and secure monitoring of IT systems, rather than the current “ineffective” checklist system.
“The federal government needs to lead by example and ensure its own computers and networks are secure,” the report argued. The report also recommended that the government encourage security by updating federal procurement process.
Besides taking a more hands-off approach to private-sector security, the GOP task force said it favored each committee handling legislation within its jurisdiction.
“Legislative packaging … must, of course, be decided by leadership, but we are generally skeptical of large ‘comprehensive’ bills on complex topics, at least as the bills are being written,” the task force said.
That could conflict with some proposals, especially in the Senate, but Rep. Mac Thornberry, R-Texas, who chaired the task force, said cybersecurity isn’t a partisan issue and that all parties can work together.
And the Senate sponsors of sweeping cybersecurity legislation weren’t fazed by the House’s skepticism.
“The recommendations of the House Republican Cybersecurity Task Force are an important and positive step toward passing badly needed comprehensive cybersecurity legislation,” said Senate Homeland Security Committee Chairman Joe Lieberman, I-Conn., who has long been fighting for a bill that makes changes to a range of policy. The task force report, Lieberman said, is a sign that bipartisan legislation can be passed this year.
The recommendations jibed with White House proposals in several areas as well, including data breaches, FISMA, and public-private information sharing, and providing liability protection for industry.
Not in the GOP report? Any new official to oversee all federal cybersecurity operations, as has been called for by some in Congress but opposed by the administration. Thornberry said the task force focused on goals that could be accomplished in the foreseeable future and there was no consensus on such major changes to government organization.
“These recommendations provide sound, concrete steps to help strengthen our cybersecurity now, while also highlighting issues that need more work,” he said. “Starting with incentives, information sharing, and updating some key laws can lead to real progress rather than more gridlock like we have seen with larger proposals.”
The next step, Thornberry said, is up to the committee chairmen and Boehner, who said he wants Congress to evaluate the guidelines "in the coming weeks and months."
Businesses and industry groups welcomed the House recommendations.
“The recommendations reflect a deliberative, thoughtful, and consultative approach to enhancing our nation's cybersecurity posture,” Liesyl Franz, vice president of the industry group TechAmerica, said in a statement.