Today’s cyber threats are more sophisticated and targeted than ever and are growing at an unprecedented rate. Cybercrime perpetrators have evolved from simple, low-budget hackers into cutting-edge state-sponsored threats, or well-financed criminal operations that contribute to a multi-million dollar cybercrime industry.

A critical cybersecurity priority for SIIA is to preserve IT innovation and technology neutrality. Additionally, SIIA has worked closely with the National Institute of Standards and Technology’s (NIST) across a wide range of initiatives to facilitate and support the development of voluntary, industry-led standards, and we believe NIST has a critical function to play in leading this effort in the development of cybersecurity standards and best practices for critical infrastructure. And SIIA is strongly supportive of efforts to enhance cybersecurity research and development, and to improve the cyber workforce and enhance education and public awareness of cybersecurity.

SIIA supports S. 1353 because it would accomplish these critical objectives for protecting the Nation from cyber threats.

Ken Wasch is President of SIIA. Follow the SIIA Software team on twitter at @SIIASoftware.

U.S. companies and law enforcement agencies use the CFAA as the primary Federal anti-hacking law to protect billions of dollars of research and development that is under constant threat from hackers, organized criminal syndicates, and theft from competitors and foreign governments.  Other statutes are difficult to enforce and simply do not provide the same level of legal protection.

The weakening of the statute is especially problematic at this point because of the uptick in attacks on computer systems of U.S. corporations with the aim of stealing valuable intellectual property.  In fact, Booz Allen Hamilton recently provided a report revealing that “corporate IP is under constant assault.” Achieving substantial international consensus and coordination to fight this has become a matter of significant U.S. diplomacy.  Why at this crucial point would Congress want to cut back on the legal weapons we use to combat this plague?

Of course, there are different court interpretations of the statute. The ninth district reads it one way; the fourth district reads it another way.  Sooner or later, the different judicial outcomes will have to be sorted out by the Supreme Court, but none of the court decisions gut the statute in the way that the bill introduced today would.

The better way forward for Congress is to wait for this Supreme Court clarification and then see if further legislative revisions are necessary.  In the meantime, the Justice Department can address any concerns about prosecutorial overreach through improved guidelines.  But wholesale weakening of the Act takes U.S. cybercrime policy in the opposite direction, as it gives the green light to criminal at a time when we should be united in the stand against international computer crimes.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPubPolicy.

SIIA shares the overall goals of the Administration in developing a cybersecurity framework that improves our ability to protect government information and critical infrastructure from cyber-attacks.  In fact, many SIIA members provide products and services that protect businesses, consumers and public sector entities from cyber-attacks, viruses and a wide-range of online security threats.  As a result of this experience, these members have a critical voice in the debate on the implementation of Section 8(e) of the Executive Order.  While we recognize the importance of the overall goals of the Executive Order we have some significant concerns regarding the potential effects of its implementation as proposed in the RFI.

Most notably, we have an overarching concern that the RFI itself does not accurately reflect the carefully crafted definition of “critical infrastructure” reflected in the Executive Order.  Instead the RFI appears to sweep all IT companies or their customers into the same regulatory basket as the most critical systems.  This distinction is crucial as not all systems and assets should be required to comply with this level of regulation.

In addition, SIIA expressed concerns in our comments about how the development of a broad cybersecurity framework, an ongoing process at NIST, may impact sector-specific guidance such as what is proposed here for government contractor / acquisition sector.  As a result, we have requested that the implementation of Section 8(e) be delayed until NIST cybersecurity framework has been fully developed.

Furthermore, we support the “common criteria” as a globally recognized, effective solution to a rapidly changing IT marketplace, we caution the Administration to avoid  establishing any new, overly prescriptive supply chain or software assurance scheme that would establish the Government as a leader in the process of developing technology or the would create a US centric standard, as this would conflict with the proven security regime that has long been the foundation of our national security strategy.

We also point out concerns about how that which is proposed in this Executive Order may impact the consistent, accepted, risk-based government cybersecurity requirements contained in FISMA.  Beyond its impact on FISMA, the Executive Order may also overlap with and be redundant to the FedRAMP program, potentially subjecting any Internet-enabled computing services utilized by the government to new baseline security assessments, on top of the existing FISMA and FedRAMP requirements. Not only would this practice be costly, slow, and inefficient, but it could lead to new technology-specific overlays for services that are already being utilized and assessed by the federal government in a technologically-neutral way.

Lastly, we highlight our concerns regarding the potential effect of the rules proposed as a result of the Executive Order on the other major cyber-related requirements, both current and proposed, including those found in the FAR, the DFARS, FISMA and the last two National Defense Authorization Acts.

Michael Hettinger is VP for the Public Sector Innovation Group (PSIG) at SIIA. Follow his PSIG tweets at @SIIAPSIG. Sign up for the Public Sector Innovation Roundup email newsletter for weekly updates.

Early detection and notification of cybersecurity threats is the most critical component of preventing and mitigating attacks as well as increasing security across the board. SIIA supports CISPA because it would provide the critical necessary framework for early detection and notification of cybersecurity threats.  Today, the House clearly recognized this vital need, and as cybersecurity threats and damage continue to grow, it is essential that the Senate move quickly to approve these bills.

CISPA creates the necessary flexibility for businesses to share security information without fear of legal or regulatory liability. Specifically, CISPA would protect companies and organizations that share threat and vulnerability information with the government from legal liability and the risk of lawsuits, while also providing a critical exemption from antitrust laws that currently discourage information exchanges between private companies.

Additionally, SIIA applauds House passage of three other key cybersecurity measures to reform federal information security management and enhance cybersecurity R&D. These measures include:

• Federal Information Security Amendments Act (H.R. 1163)
• Cybersecurity Enhancement Act (H.R. 756)
• Advancing America’s Networking and Information Technology Research and Development Act (H.R. 967)

With cyber threats more sophisticated and targeted than ever, now is the time to act on critical cybersecurity legislative priorities. We urge the Senate to move with all deliberate speed to consider these key measures and advance the Nation’s cybersecurity readiness.

Ken Wasch is President of SIIA. Follow the SIIA Software team on twitter at @SIIASoftware.

Early detection and notification of cybersecurity threats is the most critical component of preventing and mitigating attacks – increasing security across the board. SIIA supports CISPA because it would provide the critical necessary framework for early detection and notification of cybersecurity threats.  Specifically, CISPA would provide needed legal certainty that threat and vulnerability information voluntarily shared with the government would be provided safe harbor against the risk of lawsuits, and it would also provide a critical exemption from antitrust laws that currently discourage information exchanges between private companies.

Ken Wasch is President of SIIA. Follow the SIIA Software team on twitter at @SIIASoftware.

Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow the SIIA Public Policy team on Twitter at @SIIAPolicy

As we work with the Administration on implementation, a priority for our industry will be to avoid rigid regulations that impede the innovation that is essential for effective cybersecurity.

A regulatory approach seeking to cover a broad, rapidly-evolving cross-section of industry would have the unintended consequence of slowing technological innovation and limiting our collective cybersecurity preparedness. Therefore, it is essential that the Administration work with industry to implement the Executive Order in a way that retains necessary flexibility. Technological innovation must be allowed keep up with rapid developments pertaining to both cybersecurity threats and protections.

To that end, we look forward to continuing to work closely with the Administration and congressional leaders to implement this policy.

Ken Wasch is President of SIIA. Follow the SIIA Policy team on Twitter at @SIIAPolicy.

SIIA commends the European Commission for conducting a thoughtful, comprehensive review of network and information security across the European Union. There is a critical need to focus on the best cybersecurity practices that will help protect governments, businesses and citizens around the world from increasingly sophisticated cyber-attacks.

However, we are concerned about the scope of the Commission’s regulatory approach.  It is overly broad, too prescriptive and threatens to suppress the very innovation that will help businesses, governments and citizens anticipate and address changing cybersecurity threats.

The proposal’s cybersecurity performance requirements will likely lead to technical mandates and rigid regulatory standards and reporting obligations.  Its scope goes well beyond critical infrastructure, where the harms from cyber-attacks are the greatest.  In doing so, it threatens to engulf a broad range of other industries, thereby wasting scarce security resources on areas where the dangers are not urgent.

Today’s cyber threats are global and ever-changing – rigid, far-reaching regulations will almost certainly do more harm than good.  SIIA supports policies that provide the necessary flexibility to keep up with rapid technological developments pertaining to both threats and protections.  SIIA and its member companies look forward to working with the Commission as it considers this proposal and possible amendments.

Ken Wasch is President of SIIA. Follow the SIIA Policy team on Twitter at @SIIAPolicy.

A key theme unifying the work of SIIA on behalf of its members is an increased focus on advancing the effective collection and positive use of data. It is essential that public policy recognizes that innovation and business strategies are increasingly driven by data. Importantly, data-driven innovation not only holds the promise of advancing economic opportunity and jobs, but of providing tremendous consumer and societal benefits.

With so much at stake, SIIA is committed to actively promoting the economic and social value of data-driven innovation. Our efforts will involve direct outreach to legislators, along with a White Paper that includes recommendations for policymakers and governments. Our goal is to make certain that public policy helps enable the tremendous societal and economic benefits of data-driven innovation.

With members in both technology and information services, SIIA is uniquely positioned to highlight and address the public policy issues that arise from the increased salience of data-driven innovation. We began to focus more strongly on this issue in 2012, and it will be an even more important part of our work in 2013.

SIIA also announced its general tech policy priorities for 2013, along with policy priorities in the areas of: intellectual property; public sector IT, and; education technology.

Technology Policy Priorities

• Promote and enable the economic and social value of data-driven innovation, including through a White Paper with recommendations for policymakers and governments.
• Actively support voluntary, enforceable codes of conduct to provide enhanced data privacy protections, and oppose legislative and regulatory proposals that lack the flexibility to accommodate rapid technological innovation.
• Promote policies around the world that facilitate cross-border data flows, and develop interoperable legal frameworks that help to advance global implementation of cloud computing.
• Promote critical cybersecurity policies, in the U.S. and around the world, that will help the public and private sectors work together to more effectively mitigate this threat, without stifling innovation.

Intellectual Property Priorities

• Protect the economic interests and creative rights of software and content publishers by responding as appropriate to the Supreme Court opinion in Kirtsaeng v. John Wiley & Sons Inc. and any other cases, policies or legislation relating to the copyright law’s first sale exception/exhaustion principle that may unduly limit their ability to license and control the distribution of their software and content products
• Encourage economic growth and innovation by working for further reform of the patent system to address the ongoing problem of patent trolls, including measures to restrict asymmetric discovery burdens.
• Monitor the ICANN’s domain name expansion process with the goal of enhancing and strengthening online transparency and accountability by working to ensure that domain name and IP address Whois databases remain publicly accessible, accurate, and reliable, as key tools to combat online infringement of copyrights and trademarks, and other fraudulent or criminal acts online.
• Actively monitor for, and act upon as necessary, hearings, legislative or regulatory copyright reform proposals in the United States and abroad, such as issues relating to orphan works, library exceptions and piracy, to ensure that they advance and do not adversely affect the copyright interests of SIIA members.
• Oppose changes to the CFAA that would unduly limit the ability of SIIA members to deter and prevent unauthorized access – and access that exceeds authorized access to databases, subscription services and cloud services.
• Ensure that any international treaty relating to copyright exceptions for the blind and visually impaired that may be adopted by WIPO includes adequate safeguards to protect the copyright interests of SIIA’s publishers.

Public Sector IT Priorities

• Encourage Administration IT initiatives for federal agencies to be more open, transparent and efficient, delivering better services to citizens, while reducing the overall cost of government. Information Technology has and will continue to play a role in the Federal government’s effort to deliver better services to citizens, while reducing the overall cost of government.
• Support a continuation of the effort to move agencies to cloud, consolidate the existing data center infrastructure and better leverage government data.
• Advocate for key administration initiatives that support the overall mission of the SIIA Public Sector Innovation Group including: Cloud First, Big Data, Data Center Consolidation, Digital Government/Mobile, and FedRAMP.
• Support reasonable reform of the Federal acquisition process, which needs to change to keep pace with the rapid pace of technology.
• Intervene to support member interest in the legislative consideration of the proposal by Chairman Daryl Issa to reform federal IT acquisition, which will serve as a basis for a broader discussion around the need to improve IT acquisition to keep pace with technology in 2013.

Ed Tech Priorities

• Seek increased investment in education technology and its integration into teaching and learning, including to personalize learning for each student.
• Reform outdated regulations in favor of 21st Century e-learning policies, especially the shift from seat-time to anytime, everywhere competency-based learning.
• Support education technology research and development through government-industry partnership, not government competition with the private sector.
• Support the value of the for-profit sector in providing education products and services to public schools, agencies and institutions.
• Encourage targeted STEM education, training and other workforce development policies to meet the economy’s needs for a skilled high-tech workforce.
• Actively translate public policies, programs and regulations into actionable market intelligence for SIIA members.

Ken Wasch is President of SIIA.

And then the news hit that the White House itself had been the target of a cyber attack. Fortunately, this time, no classified systems were compromised and no data was extracted.  This time.

It is not often that events illustrate so vividly the risks to the nation in continuing an unacceptable compromise policy.  No one really wants a sequester, and no one really wants the consequences that would flow from one. Policymakers need to do what it takes to avoid it.

But failing that, the Administration should find a way to prioritize cyber security spending.  Congress did not agree on all aspects of the stalled cybersecurity legislation, but they did agree that more Federal funding for cyber security programs and research was an urgent national priority. Sequester planning should maintain that priority.

Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow the SIIA Public Policy team on Twitter at @SIIAPolicy