U.S. businesses face daunting cybersecurity threats every day from malicious cyber actors.
These threats range from hacktivists, who deny services to customers, to criminals, who weaponize malware and monetize weaknesses in cyber defenses, to hostile nation states that steal confidential business information and intellectual property.
As we begin National Cybersecurity Awareness Month, it is important for businesses to continue to lead on cybersecurity awareness and solutions both at home and abroad. Government officials, including lawmakers and those in the administration, have an important role in this effort by supporting the cyber risk management activities of private sector entities.
The U.S. Chamber of Commerce urges businesses of all sizes to invest in sound cybersecurity practices, such as developing and regularly testing a risk management plan. We have been advocates for the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity (the framework) and continue to promote its use through our educational efforts with businesses domestically and internationally. This voluntary, collaborative, and flexible NIST framework remains one of the best examples of public-private partnerships in action.
The U.S. Chamber continues to champion legislation that supports businesses of all sizes in their efforts to stay secure.
For resource-limited small businesses, we supported S.770, the NIST Small Business Cybersecurity Act, which the president signed into law this August. The legislation directs NIST to provide resources to small businesses to help them manage cyber risks.
In July, the U.S. Chamber led a multi-association effort to urge the Senate to pass H.R. 3359, the Cybersecurity and Infrastructure Security Agency Act of 2017 (CISA). This bill is a top priority for the business community and for Homeland Security Secretary Kirstjen Nielsen. It restructures the department’s cyber directorate into an operational component that will optimize how the department executes its cyber authorities. The new structure facilitates engagement with the business community before, during, and after cyber incidents. CISA currently awaits a vote in the Senate, and we urge bipartisan support for this bill.
Another important U.S. Chamber-supported cyber bill is H.R. 3776, the Cyber Diplomacy Act of 2017. This legislation would focus and centralize the cyber and digital economy priorities under one office that would report to the Under Secretary for Political Affairs at the U.S. Department of State. Importantly, the head of the office will be elevated to the assistant secretary level and hold the rank of ambassador. We believe that the Department of State has a critical role in international cyber policy, and enactment of this bill would demonstrate that the U.S. Government is committed to a secure, reliable, and open internet globally.
The Department of Homeland Security has announced several other initiatives related to cybersecurity, including the establishment of the National Risk Management Center (NRMC). The NRMC initially will focus on two key areas: identification of systemic risk and management of supply chain security risk. We believe that both of these initiatives can produce constructive outcomes related to risk analysis and mapping, identification of vulnerabilities, and delivery of actionable intelligence based on focused analysis.
Since the passage of the U.S. Chamber-supported Cybersecurity Information Sharing Act in 2015, businesses have voluntarily shared cyber threat data robustly with industry peers and information sharing and analysis centers. We are working with stakeholders in various industry sectors to further deepen the relationships that exist between the public and private sectors, and move to an environment of real and meaningful operational collaboration between government and industry. Only then will we be able to defend against the myriad and evolving threats we face as a business community, and as a nation.
Taken together, these robust public-private efforts to enhance business cybersecurity and resilience will have a meaningful impact on the risk management activities of individual businesses. Our members are committed to bringing together capabilities and authorities from different organizations in the public and private sectors in sustained efforts to manage risks and counter cyber threats. Through the sharing of best practices, businesses and government leaders are better able to coordinate efforts and anticipate emerging challenges.