Republicans and Democrats are currently debating the provisions of the Cyber Security Act of 2012, a bill that has the potential to add significant new regulations to private businesses. Senator John McCain of Arizona has criticized the bill for burdening businesses with a regulatory burden that is too high, particularly during the current challenging economic climate. Democratic leaders, in contrast, favor passage of the bill, which would require some kinds of business entities to implement IT solutions that would enable them to demonstrate compliance with stringent new standards for security of data and infrastructure.
McCain admitted that the issue of cyber security was “complicated” and argued that the legislation should not be rushed to a vote. Some observers, however, believe that McCain’s true objections to the bill rest not so much in the level of regulation as with the details of how that regulation would be carried out. The bill currently directs the Department of Homeland Security to enforce security standards on private businesses. McCain remarked that a better route might be to have the National Security Agency take on this responsibility. The NSA is constituted as part of the Department of Defense, which McCain believes has more expertise in the area of security. McCain also questioned why some kinds of IT companies were exempted from the bill’s provisions.
Most businesses cannot afford to keep track of developing legislation, even though the details in such bills may have an enormous impact on later operations. To receive targeted and relevant information in a timely manner, businesses should consider working with an IT consulting firm that can monitor ongoing developments for them.