Tom Ridge, leader of the chamber’s national security task force and the former homeland security secretary under President Bush, told the Senate Homeland Security and Governmental Affairs Committee on Thursday that additional regulation would increase industry costs, “impede” cybersecurity innovation, and even worsen cybersecurity.
“A regulatory program would likely become highly rigid in practice and thus counterproductive to effective cybersecurity – due in large part to a shift in businesses’ focus from security to compliance. Equally concerning, federal mandates could compromise security. By homogenizing security, our online adversaries would quickly learn to circumvent a company’s protections and those of similarly situated companies”, Ridge told the panel.
Instead, the chamber favors a bill that would encourage public-private sector cooperation on information sharing and risk assessment and provide incentives for private sector investment in cybersecurity technology and innovation.
Janet Napolitano, current homeland security secretary, stressed the need to act quickly in passing cybersecurity legislation.
“All sides agree that federal and private networks must be better protected, and information about cybersecurity threats should be shared more easily while ensuring that privacy and civil liberties are protected through a customized framework of information handling policies and oversight….The threats to our cybersecurity are real, they are serious, and they require urgent action”, Napolitano told the panel.
Sen. John McCain (R-Ariz.) warned the Senate leadership against rushing the legislation to the Senate floor for a vote before other committees have had an opportunity to review it. He noted that the bill has already been placed on the Senate calendar for a vote without a “single markup or any executive business meeting by any committee of relevant jurisdiction. My friends, this is wrong”, he testified.