Warns Only Congress Can Grant Liability Protections, Incentives to Industry

WASHINGTON, D.C. – Congressman Michael McCaul (R-TX), Chairman of the Homeland Security Oversight & Investigations Subcommittee, urged President Obama to forego issuing an executive order addressing the nation’s cybersecurity and instead work with congressional leaders to reach an agreement on critical legislation leading up to the 113^th Congress, which convenes in January. 

In a letter to the president, Congressman McCaul, who co-founded and co-chairs the Congressional Cybersecurity Caucus, emphasized the need to assure industry of liability protections and incentives, which are critical to facilitate information sharing between the private sector and government, but which the executive branch does not have the authority to create.  He also stressed the importance of including industry in crafting cybersecurity framework.

Without protections and incentives, “a voluntary program intended to strengthen communication between the government and the private sector will be ineffective and carryconsequences for entities that choose to participate,” the letter states. 

“Operators of critical infrastructure and vast networks of intellectual property are in the best position to understand the threats they face on a daily basis and whatsolutions are most effective.  Excluding industry from this process will result in subjecting a large swath of America’s job creators to a program or regulations that it had no voice in crafting,” Rep. McCaul continues in the letter.

On Wednesday Congressman McCaul told high tech leaders gathered for a Big Data conference on Capitol Hill that it is “fundamentally important” to include stakeholders in discussions on cybersecurity legislation.

Text of Rep. McCaul’s letter (linked above) follows:

 

October 5, 2012

 

President Barack Obama

The White House

1600 Pennsylvania Ave., NW

Washington, DC 20502

 

Dear Mr. President:

It is my understanding that your Administration is preparing to issue an executive order addressing cybersecurity.  I share your disappointment that the Senate failed in August to pass cybersecurity legislation and, like you, I remain concerned that our cyber defenses are vulnerable to an attack.  However, I strongly believe that only through legislation passed by Congress can we effectively address the complex legalchallenges surrounding this important issue.  Therefore, I ask that you respect the legislative process and work with Congress to address cybersecurity matters.

Only Congress, not the executive branch, possesses the authority to create meaningful liability protections or incentives, which are necessary for theprivate sector to participate in an effective information sharing system.  Both liability protections and incentives are a crucial part of any information sharing partnership between the private sector and government. Without those provisions, a voluntary program intended to strengthen communication between the government and the privatesector will be ineffective and carry consequences for entities that choose to participate.  Further, it would take legislation to create a more robust cybersecurity workforce. 

It is critical that industry be involved in crafting any meaningful cybersecurity framework.  Operators of critical infrastructure and vast networks of intellectual property are in the best position to understand the threats they face on a daily basis and whatsolutions are most effective.  Excluding industry from this process will result in subjecting a large swath of America’s job creators to a program or regulations that it had no voice in crafting.  The government should form a partnership with private sector stakeholders to better understand the challenges they face and how the government can aid them in overcoming those challenges.

I respectfully request that your administration devote more resources to engage and negotiate with members in anticipation of taking up the issue of cybersecurity in the 113^th Congress.  Instead of “going it alone” in the form of an executive order, I suggest that the administration reengage with Congress to work towards a consensus on cybersecurity.  This was a recommendation by the CSIS Commission on Cybersecurity for the 44^th Presidency, which I co-chaired.  Bypassing the Congress will only serve to muddle the legislative process and delay passage of legislation, which instead should be among our top priorities when we reconvene.

I would like to offer my help with facilitating a dialogue between Congress and your administration.  We can both agree it is imperative that we strengthen our cyber defense andprotect Americans from cyber threats.  If you would like to discuss this issue further you can reach me at 202-225-2401.

 

Sincerely,

 

                                               

           Michael T. McCaul

           Member of Congress