During a hearing of the House Energy and Commerce Committee’s subcommittee on communications and technology, the telecom executives stressed that sharing information and providing incentives for cybersecurity innovation are better approaches than expanding the government role in cybesecurity protection.
“Flexibility is absolutely necessary in light of the high-velocity changes in technology, business models, service, application vendors, and customer devices employed by each network operator and/or installed by internet users in their homes or on their devices”, testified Jason Livingood, vice president of internet systems engineering at Comcast.
“Indeed, a government-mandated ‘one size fits all’ approach could actually undermine cybersecurity by allowing criminals and hackers to launch an attack on multiple networks simultaneously if they are able to circumvent uniform or homogeneous detection and deterrence measures or could constrain the pace of innovation in Internet-related technologies, services, and applications”, he added.
Sounding a similar theme, Edward Amoroso, chief security officer at AT&T, said that the government should encourage cybersecurity innovation, rather impose regulation.
“We strongly believe that the most effective way to move forward on cybersecurity is to broadly spur investment and innovation, based on increased awareness of cybersecurity by the CEOs of the largest companies to the individual consumers that drive market demand”, Amoroso testified.
“Congress and the administration have leadership rolls to play in assuring that the United States continues to focus on technology innovation. Burdening the private sector with the cost of unnecessary and ineffective regulations and processes is contrary to that objective and will only slow advances in cybersecurity”, he added.
John Olson, chief information officer with MetroPCS Communications, told the committee that his company favors expanded information sharing between government and industry.
“MetroPCS does support the enhanced sharing of information regarding cyber threats by the federal government as long as there is no mandated reporting requirement imposed on the private sector”, Olson said.
“Overall, any cybersecurity legislation that Congress may consider should focus more on protecting the government’s own critical IT systems and networks from cyber threats and sharing critical information with private industry”, he concluded.