House may act on cybersecurity liability protection

Industry officials who favor cybersecurity liability protection may see action on their recommendations in the next legislative session.

Robert Dix, staff chief of the House subcommittee that oversees cybersecurity policy, said subcommittee members might introduce legislation based on recommendations of the Corporate Information Security Working Group, an organization of 25 senior business and academic leaders who advise the subcommittee chairman, Rep. Adam Putnam (R-Fla.), about ways to improve the nation's critical cyberinfrastructure.

Dix, speaking at a noon meeting of the Association for Federal Information Resources Management, offered no specific details on possible legislation. The working group, which has made 23 recommendations for improving cybersecurity, will issue its next report in November.

Based on the report's findings, members of Putnam's Government Reform Committee's Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee are likely to introduce new legislation, Dix said.

"It's difficult to legislate software quality, we don't want to stifle innovation," he said. Putnam favors a market-based approach to fixing the nation's cybersecurity weaknesses, Dix said. "It's our belief that's beginning to happen" — that companies are bolstering critical infrastructure systems that control water supplies, power plants and communications, he said.

But utilities companies, he said, may need some legislative help to upgrade their systems and pass along the costs through changes in their rate structures.

Putnam said the nation's weak cybersecurity defenses are a bigger problem than most people realize. "We need a pride in security campaign in this country," he said. "We need to stop kidding ourselves about his problem."