Holleyman outlines six recommendations that would constitute a comprehensive upgrade of America’s cybersecurity capabilities
Washington — January 12 —
In a letter to the 100 members of the US Senate, the Business Software Alliance today recommended six key focus areas for legislation to comprehensively upgrade America’s cybersecurity capabilities.
“The growing volume and sophistication of cybersecurity threats facing America today demand an effective policy response,” wrote BSA President and CEO Robert Holleyman. “While there are philosophical differences of opinion about what should be included, there is clear bipartisan agreement that cybersecurity legislation deserves consideration in this Congress.”
“BSA strongly supports legislation that will bolster the country’s cybersecurity capabilities by promoting market-driven technology innovation, nimble and adaptive monitoring, and well-oiled coordination between the public and private sectors,” Holleyman wrote. “This will require reforming laws that are mismatched to the challenge of a rapidly evolving threat landscape while avoiding overregulation, which could become both burdensome and ineffective.”
“We believe that Congress should focus on six key legislative priorities, which together would constitute a comprehensive upgrade of America’s cybersecurity capabilities,” Holleyman wrote:
- Improve the United States Government's own cybersecurity. There is overwhelming agreement that the Federal Information Security Management Act of 2002 (FISMA) needs to be reformed. The Act was an important step in improving our nation's cybersecurity, but its effectiveness in today's world is questionable. FISMA serves as a reminder that legislation should be written with the understanding that the future is unpredictable and that the cyber landscape will undoubtedly change faster than updated legislation can be passed into law. To that end, FISMA reform should encourage agencies to engage in continuous, real-time monitoring instead of conducting rigid, "check-the-box" exercises. This shift in tactics will make federal IT systems more adaptive and reliable.
- Promote real-time sharing of cyber threat information. Legislation is needed to promote increased sharing of cyber threat information, including real-time data, among and between private companies and the United States Government. It should eliminate legal barriers that deter private companies from sharing information, while providing incentives to stimulate industry participation in a trusted information-sharing environment. Such incentives should include safeguarding of trade secrets and adequate liability protection. The legislation also should ensure that government shares a greater quantity of actionable information with the private sector.
- Support cybersecurity research and development. Technological innovation is our best tool against cyber criminals. Comprehensive cyber legislation should contain a robust R&D plan and give researchers more resources to improve the country's cybersecurity capabilities.
- Sensible data-protection measures and breach-notification rules. Organizations should adopt security measures that are appropriate for the level of sensitivity of the data and information they are holding. Furthermore, if a breach poses significant risk of serious harm, consistent national policies are needed to ensure that customers and consumers are notified in an appropriate manner. Data breach legislation should be carefully crafted to help organizations prevent and respond to security incidents while avoiding costly, burdensome rules that would not provide any real protection to consumers. Such legislation will provide much-needed regulatory relief to companies facing conflicting legal obligations under today's patchwork of state laws.
- Strengthen law enforcement tools for deterring cyber crimes. Our nation's criminal statutes should be updated to clarify and enhance penalties for those who commit cybercrimes. Moreover, legislation should increase law enforcement resources to combat cybercrime and direct the government to enhance its international engagement efforts related to cyber crime enforcement.
- Encourage international cooperation. Legislation should direct the US Government to promote adequate cybercrime laws around the world, and it should provide incentives for other countries to cooperate on investigations and prosecutions of crimes that are difficult to pursue because of the borderless nature of cybercrime.
“Cybersecurity has become central to America’s national security and economic wellbeing,” wrote Holleyman. “BSA believes that focusing on these six priorities will be the fastest way to make strategically significant progress against cyber threats that we cannot wait any longer to confront.”
Click here to download a copy of the letter.
The Business Software Alliance (www.bsa.org) is the leading global advocate for the software industry. It is an association of nearly 100 world-class companies that invest billions of dollars annually to create software solutions that spark the economy and improve modern life. Through international government relations, intellectual property enforcement and educational activities, BSA expands the horizons of the digital world and builds trust and confidence in the new technologies driving it forward.