Kent Bressie and Madeleine Findley Analyze the Impact - Wiltshire ...

More documents

Recommendations

Info

15wake of the President’s action,Representatives Mike Rogers (R-Mich.)and Dutch Ruppersberger (D-Md.)reintroduced the Cyber IntelligenceSharing and Protection Act (“CISPA”),which passed the House but notthe Senate in the last Congress. TheHouse Permanent Select Committee onIntelligence held a hearing on the billon February 14, 2013, and the Secretaryof Homeland Security testified beforea hearing of the Senate Committee onHomeland Security and GovernmentalAffairs on cybersecurity issues onMarch 7, 2013. Before passing anylegislation, however, Congress mustfirst resolve several key contentiousissues, including whether to mandatespecific cybersecurity standards orprovide liability protection to industry.Representative Mike McCaul (R-Tex.),chairman of the House’s HomelandSecurity Committee, and SenatorTom Carper (D-Del.), chairman ofthe Senate’s top homeland securitycommittee, have both expressed theirintent to push for legislation in thecoming months. 55. Preliminary Recommendations forIndustry InvolvementGiven the risks and uncertainties of the5. See, e.g., Rep. Michael McCaul, Opinion, Hardening Our Defenses Against Cyberwarfare,Wall St. J., Mar. 6, 2013, available at http://online.wsj.com/article/SB10001424127887324‌662404578336862508763442.html; Rep. Michael McCaul,Statement, Legislation Needed to Bolster Cybersecurity Executive Order, Feb. 12,2013, available at http://homeland.house.‌gov/‌‌‌press-release/legislation-needed-bolster-cybersecurity-executive-order.processes established by the ExecutiveOrder and PPD, we think it importantfor the undersea cable industry to takeseveral actions. First, the industryshould participate actively in thestandards-development and otherimplementation proceedings alreadybegun by various U.S. Governmentagencies, including the NIST RFI andstakeholder meetings. Second, it shouldcontinue to monitor and influencecybersecurity legislation. If possible,it should consider introducing othercable-protection elements in suchlegislation, including an increasein the statutory penalties for cabledamage and a broader definition ofcable damage. Third, it should engageproactively with U.S. Governmentagencies, the U.S. Congress, and otherstakeholders to share informationabout existing industry cybersecurityefforts and the impact of proposalsfor new or additional compliancerequirements. Fourth, it should takeany and all opportunities to remindthe U.S. Government and otherstakeholders of the critical importanceof undersea cable infrastructure andservices to the U.S. economy andnational security. Fifth, it shouldremind the U.S. Government andother stakeholders that infrastructureprotection—and undersea cable
16protection in particular—involves morethan just malicious threats. In fact,other natural and human activities posegreater day-to-day risks to underseacable infrastructure.Given the number of entities involvedand the timelines provided in theExecutive Order, agencies likely willfeel significant pressure to act quickly.The undersea cable industry shouldtherefore plan to engage quickly andproactively with DHS, NIST, and theother key entities in order to ensurethat the policies and procedures createddo not result in overly burdensomeor costly reporting and complianceobligations. Its first opportunity is toparticipate in the NIST-led effort todevelop a Cybersecurity Framework.Additionally, industry may benefitfrom engaging, either individuallyor as part of industry coalitions, withregulatory agencies, including DHS, theFCC, and others, and with legislativebodies, including the U.S. Congress,to share information about thecybersecurity efforts already underwayand the impact of proposals for new oradditional compliance requirements.Kent Bressie is a partnerwith the law firm ofWiltshire & GrannisLLP in Washington,D.C., and heads itsinternational practice. An expert ontelecommunications regulation andinternational trade and investment, hehas extensive experience with the rangeof legal and regulatory issues affectingundersea cables, including licensingand permitting; national and cybersecurity, export controls, and economicsanctions; transaction and investmentreviews; market access; corporateand commercial transactions; and thelaw of the sea. He has representedundersea cable operators, suppliers,and investors in connection withprojects on six continents.Madeleine Findley is apartner with Wiltshire& Grannis LLP inWashington, D.C., andpractices principally inthe area of telecommunications law.She regularly advises undersea cableoperators and suppliers on a widevariety of legal and regulatory issuesarising from cross-border operations.
Page 1 and 2: Voiceof theIndustry69m a r2013ISSN
Page 3: Cybersecurity Developments Raise Gr
Page 6 and 7: • Framework to Reduce CyberRisk t
Page 8 and 9: the installation of underseacables

Kent Bressie and Madeleine Findley Analyze the Impact - Wiltshire ...

Create successful ePaper yourself

Delete template?

Save as template?