15wake of <strong>the</strong> President’s action,Representatives Mike Rogers (R-Mich.)<strong>and</strong> Dutch Ruppersberger (D-Md.)reintroduced <strong>the</strong> Cyber IntelligenceSharing <strong>and</strong> Protection Act (“CISPA”),which passed <strong>the</strong> House but not<strong>the</strong> Senate in <strong>the</strong> last Congress. TheHouse Permanent Select Committee onIntelligence held a hearing on <strong>the</strong> billon February 14, 2013, <strong>and</strong> <strong>the</strong> Secretaryof Homel<strong>and</strong> Security testified beforea hearing of <strong>the</strong> Senate Committee onHomel<strong>and</strong> Security <strong>and</strong> GovernmentalAffairs on cybersecurity issues onMarch 7, 2013. Before passing anylegislation, however, Congress mustfirst resolve several key contentiousissues, including whe<strong>the</strong>r to m<strong>and</strong>atespecific cybersecurity st<strong>and</strong>ards orprovide liability protection to industry.Representative Mike McCaul (R-Tex.),chairman of <strong>the</strong> House’s Homel<strong>and</strong>Security Committee, <strong>and</strong> SenatorTom Carper (D-Del.), chairman of<strong>the</strong> Senate’s top homel<strong>and</strong> securitycommittee, have both expressed <strong>the</strong>irintent to push for legislation in <strong>the</strong>coming months. 55. Preliminary Recommendations forIndustry InvolvementGiven <strong>the</strong> risks <strong>and</strong> uncertainties of <strong>the</strong>5. See, e.g., Rep. Michael McCaul, Opinion, Hardening Our Defenses Against Cyberwarfare,Wall St. J., Mar. 6, 2013, available at http://online.wsj.com/article/SB10001424127887324662404578336862508763442.html; Rep. Michael McCaul,Statement, Legislation Needed to Bolster Cybersecurity Executive Order, Feb. 12,2013, available at http://homel<strong>and</strong>.house.gov/press-release/legislation-needed-bolster-cybersecurity-executive-order.processes established by <strong>the</strong> ExecutiveOrder <strong>and</strong> PPD, we think it importantfor <strong>the</strong> undersea cable industry to takeseveral actions. First, <strong>the</strong> industryshould participate actively in <strong>the</strong>st<strong>and</strong>ards-development <strong>and</strong> o<strong>the</strong>rimplementation proceedings alreadybegun by various U.S. Governmentagencies, including <strong>the</strong> NIST RFI <strong>and</strong>stakeholder meetings. Second, it shouldcontinue to monitor <strong>and</strong> influencecybersecurity legislation. If possible,it should consider introducing o<strong>the</strong>rcable-protection elements in suchlegislation, including an increasein <strong>the</strong> statutory penalties for cabledamage <strong>and</strong> a broader definition ofcable damage. Third, it should engageproactively with U.S. Governmentagencies, <strong>the</strong> U.S. Congress, <strong>and</strong> o<strong>the</strong>rstakeholders to share informationabout existing industry cybersecurityefforts <strong>and</strong> <strong>the</strong> impact of proposalsfor new or additional compliancerequirements. Fourth, it should takeany <strong>and</strong> all opportunities to remind<strong>the</strong> U.S. Government <strong>and</strong> o<strong>the</strong>rstakeholders of <strong>the</strong> critical importanceof undersea cable infrastructure <strong>and</strong>services to <strong>the</strong> U.S. economy <strong>and</strong>national security. Fifth, it shouldremind <strong>the</strong> U.S. Government <strong>and</strong>o<strong>the</strong>r stakeholders that infrastructureprotection—<strong>and</strong> undersea cable
16protection in particular—involves morethan just malicious threats. In fact,o<strong>the</strong>r natural <strong>and</strong> human activities posegreater day-to-day risks to underseacable infrastructure.Given <strong>the</strong> number of entities involved<strong>and</strong> <strong>the</strong> timelines provided in <strong>the</strong>Executive Order, agencies likely willfeel significant pressure to act quickly.The undersea cable industry should<strong>the</strong>refore plan to engage quickly <strong>and</strong>proactively with DHS, NIST, <strong>and</strong> <strong>the</strong>o<strong>the</strong>r key entities in order to ensurethat <strong>the</strong> policies <strong>and</strong> procedures createddo not result in overly burdensomeor costly reporting <strong>and</strong> complianceobligations. Its first opportunity is toparticipate in <strong>the</strong> NIST-led effort todevelop a Cybersecurity Framework.Additionally, industry may benefitfrom engaging, ei<strong>the</strong>r individuallyor as part of industry coalitions, withregulatory agencies, including DHS, <strong>the</strong>FCC, <strong>and</strong> o<strong>the</strong>rs, <strong>and</strong> with legislativebodies, including <strong>the</strong> U.S. Congress,to share information about <strong>the</strong>cybersecurity efforts already underway<strong>and</strong> <strong>the</strong> impact of proposals for new oradditional compliance requirements.<strong>Kent</strong> <strong>Bressie</strong> is a partnerwith <strong>the</strong> law firm of<strong>Wiltshire</strong> & GrannisLLP in Washington,D.C., <strong>and</strong> heads itsinternational practice. An expert ontelecommunications regulation <strong>and</strong>international trade <strong>and</strong> investment, hehas extensive experience with <strong>the</strong> rangeof legal <strong>and</strong> regulatory issues affectingundersea cables, including licensing<strong>and</strong> permitting; national <strong>and</strong> cybersecurity, export controls, <strong>and</strong> economicsanctions; transaction <strong>and</strong> investmentreviews; market access; corporate<strong>and</strong> commercial transactions; <strong>and</strong> <strong>the</strong>law of <strong>the</strong> sea. He has representedundersea cable operators, suppliers,<strong>and</strong> investors in connection withprojects on six continents.<strong>Madeleine</strong> <strong>Findley</strong> is apartner with <strong>Wiltshire</strong>& Grannis LLP inWashington, D.C., <strong>and</strong>practices principally in<strong>the</strong> area of telecommunications law.She regularly advises undersea cableoperators <strong>and</strong> suppliers on a widevariety of legal <strong>and</strong> regulatory issuesarising from cross-border operations.