Rather than develop mandatory regulations, the government should apply to the cybersecurity challenge the public-private partnership model that has been effective in other areas. While the federal government has the resources to facilitate industry-led discussions on how best to defend against the APT, industry officials bring real-world expertise and experience unique to their segment.
In fact, NAM member companies have been on the record in their comments to NIST and in their participation in the cybersecurity framework discussions around the country that implementing any framework should be on a voluntary company-by-company basis. The framework needs to be risk-based, and it must keep pace with ever-changing cyber threats. Most importantly, any threat information the government can share with the private sector will be the most effective way to combat cyber threats.
A one-size-fits-all approach to a standards framework will not be effective. Manufacturers vary in size, come from a cross-section of diverse industry segments, have differing amounts of available resources and are exposed to external actors in different ways. These factors all will play a role in how each manufacturer implements a cybersecurity strategy. Imposing a single regulatory model would result in little or no participation in the framework. Rather, the framework should act more as a guideline and advocate for best practices. The framework must also take into account the global presence of manufacturers and all international markets in which they operate and the related international standards already in place.
The most common theme we have heard from our members is that a number of standards already exist. A major concern is that the creation of any new set of standards--even if they are voluntary--could lead to another regulatory regime and cause even more challenges for manufacturers. Any framework NIST may develop must take into account existing standards already being followed by the private sector.
Cybersecurity Act of 2013, S.1353
The Cybersecurity Act of 2013, S.1353, introduced yesterday addresses many of the challenges described above. Mr. Chairman and Ranking Member Thune, we appreciate your efforts to reach out to all stakeholders to create a balanced approach to reduce the risk of cyber threats to critical infrastructure based on a public-private partnership model.
The legislation would create a national cybersecurity research and development plan to further secure wireless technology, software systems and the Internet, while guaranteeing individual privacy. The legislation would also create cybersecurity modeling and test beds to examine our capabilities and determine our needs. It does all of this while ensuring coordination across the government. We appreciate your efforts to raise the priority of cybersecurity throughout all agencies.
Your bill also would place a priority on developing a high-skilled cybersecurity workforce. Through competitions, challenges and scholarships, it would create incentives to join this growing workforce at a time when our country needs it most. Most importantly, it would assess current skill sets and help determine what more is needed in curriculum and training to ensure we have the workforce we need. Manufacturers are facing a skills shortage in many disciplines, and any effort to close that gap is one we support strongly.
The national cybersecurity awareness and preparedness campaign has been well received by NAM members. Efforts to increase the cyber intelligence and cyber safety of the public and state and local governments will benefit manufacturers as they hire the workers they need and as they operate in their communities.
We have heard the most from our member companies on Title I of the bill, Public-Private Collaboration on Cybersecurity. As I stated earlier in my testimony, the ability to receive real-time threat information remains manufacturers' top priority. This will be the most effective way to combat cyber threats. Manufacturers realize that an ongoing partnership with the federal government--in addition to information sharing--is also important.
In addition, NAM members generally support establishing NIST as a facilitator of industry-led discussions on standards, guidelines and best practices among other efforts to reduce cyber risks to critical infrastructure. Many NAM members are participating in the NIST cybersecurity framework discussions underway. Those sessions have been productive, and our members want the process to continue.
Nonetheless, they have some concerns about this approach. In particular, some companies are concerned that codifying NIST as the facilitator may somehow negatively impact the process, or even worse, give NIST the authority to recommend binding regulations.
It is our understanding that creating new regulations is neither the intent nor the goal of the legislation. We appreciate that this is referenced specifically in the bill, which requires that any recommended standards are voluntary and will not prescribe specific technology solutions, products or services. The legislation is even more specific by citing that any information shared in the standards development process shall not be used to regulate any activity of the sharing entity.
On behalf of the NAM's 12,000 members, this is a point I cannot stress strongly enough--manufacturers will not support any legislation that creates a duplicative regulatory regime that puts undue burdens on manufacturers. We are, therefore, pleased that this legislation prohibits that from happening while at the same time solidifies the public-private partnership in efforts to address an issue of critical importance to our nation.
In our fast-moving, hyper-competitive 21st-century economy, cybersecurity is an issue of increasing importance to the manufacturing industry. The stakes are high for manufacturers and the rest of the business community. Manufacturers' ability to protect their products, processes, facilities and customers is critical for their continued success and the broader economic security of the nation. The legislation the committee is examining today represents a good first step in assisting manufacturers in their ongoing efforts to reduce their cyber risk. Manufacturers must and will continue to drive the process, and a partnership with the government is a key component of the effort. The NAM supports the goals of the legislation and appreciates the committee's efforts to address this important issue. Thank you for the opportunity today to appear before you. The NAM looks forward to working with the committee as the process moves forward.
Read this original document at: http://www.commerce.senate.gov/public/?a=Files.Serve&File_id=072560e2-21d8-49cd-8292-ca82bc5f200d
Most Popular Stories
- 15 Myths That Could Ruin Your Hispanic Ad Campaign
- Bitcoin Clones Lurch Onto Financial Scene
- General Motors Names Mary Barra as First Female CEO
- Clinton to Keynote Annual Simmons Leadership Conference
- AIG to Create 230 Jobs in Charlotte
- How Bitcoin and Other Cryptocurrencies Work
- Selena Gomez, Shakira Among Top Hispanic Searches
- Californians Want to Legalize Marijuana
- Pacific Trade Pact Delay Hinders U.S. Pivot to Asia
- PhD Project Grooms Business Profs