IT security is frequently discussed at the highest levels of government and in the halls of Congress, but until recently comprehensive legislative reform has not appeared likely. That may soon change thanks to a compromise being worked out between two Senate members, each representing one of the major parties that govern the nation.
Until now, a compromise has been a difficult proposition. Many Republicans are reluctant on principle to interfere in the free market in any way. Democrats, in contrast, have regarded cyber security regulations as a legitimate expression of government power, particularly when enacted with careful limits in place.
Now, however, a draft outline of a new cyber security law finds some middle ground between these positions by proposing that the IT solutions needed to combat the threat environment be developed voluntarily in a joint process involving both business leaders and the Department of Homeland Security. The legislation envisions that these IT solutions would mainly consist of improvements in practices. The joint process would also help to develop the procedures to be used when the security practices of businesses are audited.
According to Allan Friedman of the Brookings Institute, the new legislation would use public shame instead of the power of mandate: "You can use naming and shaming as a mild form of incentive, to reward companies that are doing this and shame companies that aren't. Imagine a year or three from now, we'll have stock market investors who care about this… and think about public risk exposure in the cyber domain."
Known as the Whitehouse-Kyl plan to indicate the two senators leading the charge, the draft legislation would involve the development of "voluntary baseline performance goals" and would include provisions for businesses to "self-certify" their compliance. This would entitle such businesses to a certificate from the Department of Homeland Security, a certificate that would provide some protection against liability claims. This facet of the program could provide businesses with a powerful incentive for full participation, since the liability protection would include a cap on non-economic damages and would eliminate punitive damages completely.
Other businesses may be more interested in the ‘preference’ provision of the bill; companies that were certified as cyber-secure under the legislation would have an advantage in landing government contracts.
IT security is an important matter for any business no matter what legislation eventually settles into place. For more information about how iCorps IT services can meet your needs in this area, contact one of our representatives today.