Business Groups Oppose Putnam's Cyber Security Plan

Source: The Ledger online
By Cory Reiss
Date: October 31, 2003

Cyber Crimes WASHINGTON -- Facing a new layer of regulation, business interests have halted legislation intended to protect computer systems from sabotage.

Rep. Adam Putnam, chairman of a House technology subcommittee, planned to introduce a bill this week that was meant to reduce the risk of cyber attacks that could result in blackouts or the release of private financial information. The Bartow Republican, however, got a colder response than expected when he circulated the proposal to business groups last week.
Putnam put the bill on ice Tuesday, saying the companies that opposed his approach have offered to work on another plan that would tighten security but involve less government oversight. He said some form of industry self-regulation could work and wants to explore the options.

"All along I've said management and CEOs are not recognizing the risk here, so I guess we've been successful in that they're recognizing the risk," Putnam said.
Although there have been no known acts of cyber terrorism, the subject has received more attention lately from Congress and law enforcement. The nation's private computer systems control the bulk of critical infrastructure and data. Experts, many of them in hearings before Putnam's subcommittee beginning in September, have said these systems are vulnerable.

Interest in cyber security grew after the release last summer of several destructive computer viruses and worms that shut down computer systems around the world. Two of those attacks happened about the time that a power blackout crippled the Northeast in August. The blackout was unrelated to hacking and its results drew even more attention to the possibility of terrorist attacks over the Internet.
Putnam's proposal would have required all publicly traded companies -- which include utilities, banks and countless other business sectors -- to conduct computer security assessments and report the results to the Securities and Exchange Commission. The companies also would have been required to file plans for closing security gaps and continuing operations if there is a computer breach.

The bill was modeled on the SEC's response to the Y2K computer glitch that was expected to shut down any computer software unprepared for the rollover to the year 2000. The SEC required companies to fix those problems and report regularly on their progress.
Business groups argued to Putnam in the last few days that they don't want another version of the Y2K rule. They complained the SEC was not equipped to write rules governing computer security. Technology groups worried the rules would be outdated even before taking effect.

Putnam said those arguments were reasonable.
Andrew Howell at the U.S. Chamber of Commerce, said companies just don't need another regulation.

"We don't think it's necessary," Howell said, adding that companies already have a stake in ensuring their computers are safe.
"Obviously companies are doing everything they can to protect themselves. Companies want to continue to stay in business. Companies want to continue to have customers."

Putnam's ties to many of these industries have increased since he became chairman of the Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee this year.

Original article

^macro[showdigestcomments;^uri[];Business Groups Oppose Putnam's Cyber Security Plan]