President’s Cyber-Security Executive Order Issued as Reports Emerge of Chinese Army Coordinating Cyber-Attacks on American Soil

Last week, the president issued a long-awaited executive order that seeks to protect critical infrastructure – an action he promised soon after Congress didn’t reach agreement on cyber-security legislation last year. This week, the New York Times reported that a link has been established between cyber-attacks against U.S. companies and firms that provide a variety of services, including those that provide services to critical infrastructure owners and operators. This is an alarming development that has been years in the making. To make matters worse, the report cited numerous security experts that expect the Chinese military to become increasingly more sophisticated and adept at launching cyber-attacks.

CompTIA firmly believes that protecting our nation’s infrastructure against cyber-attacks is among the most important issues facing our national and economic security and well-being. These attacks and ongoing threats to our nation’s IT infrastructure only highlight the need to implement sound security measures. That is why CompTIA will continue to advocate for the priorities of the IT industry within the cyber-security debate.

It is clear that many laws are out of date or not relevant in the fast moving cat-and-mouse game of cyber-security. Therefore, it is important that we modernize our laws to better reflect today’s cyber-threats and the current IT infrastructure.

For example, CompTIA has strongly advocated for a national data breach notification standard in order to avoid the patchwork of state laws that are hamstringing the ability of small- and medium-sized businesses to expand. Currently, there are more than 45 varying state data breach notification laws, creating a complex patchwork of rules and regulations. This poses significant and duplicative legal, regulatory and compliance costs on the sector that can least afford to shoulder these expenses. The burdens and cost associated with compliance of multiple state laws – especially in this mobile economy – seems unfair and outdated. A national standard will help to protect consumers while allowing industry to grow.

Additionally, better coordination between the private and public sector must take place in a manner that incentivizes the various private sector stakeholders to share information and adopt more robust cyber-security measures and controls.

Congress must also address our cyber-workforce needs of today and tomorrow. Without a steady stream of cyber-warriors, we stand no chance at competing with our cyber-adversaries – let alone defeating them. More must be done to motivate the best and the brightest to enter the cyber-security workforce with the necessary skills to be successful. Congress can help by providing scholarships, training and certification to those who will enter the federal workforce and by working with the private sector on developing a strong pipeline of talent.

Finally, we have to develop a better pipeline for small- to medium-sized (SMB) IT companies that can develop new and innovative cyber-security products and services. Dedicating a larger pool of research and development funding aimed at the SMB IT sector can spawn many new and innovative companies that, in turn, develop products and services.

We urge Congress to tackle, on a bipartisan basis, the ongoing threat of cyber-security with the adoption of comprehensive cyber-security reform. There is still a great deal of work to be done and we stand ready to continue to work with Congress on these issues of national consequence.