X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.

This is the latest in a series of columns from attorneys at O’Melveny & Myers LLP, examining the intersections of the political and legal worlds in the run-up to Election Day 2012. Last week’s effective defeat of the proposed Cybersecurity Act of 2012, due to the failure in the Senate to secure the 60 votes needed to cut off a filibuster, appears to the mark the end of this year’s efforts to enact legislation confronting the threat of cybersecurity to critical U.S. infrastructure. Perhaps inevitably, in an election season the Congress could not choose between two very different visions. That some action is needed in the realm of cybersecurity is the one thing beyond debate. Over the last year, supporters of various versions of legislation have emphasized that the nation’s critical infrastructure—including electrical grids, water stations, and telecommunications systems—is a target for cyberattacks. Indeed, in July, the head of the National Security Agency and the U.S. Cyber Command said that computer attacks on U.S. infrastructure had increased seventeen-fold between 2009 and 2011, and expressed the view that, on a scale of 1-10, U.S. preparedness for a large cyberattack is around a three. What action should be taken to address this threat, however, sparked sharp partisan disagreement. In the Senate, for example, supporters of the bill backed by the Obama Administration were unable to mollify its opponents’ concerns—that the provision incentivizing companies to adopt voluntary cybersecurity standards was simply a guise for developing de facto mandatory standards, that the authority to aggregate cyberattack information had been delegated to the wrong agency, and that the bill’s provisions did not strike the right balance between national security, private innovation and self-governance, and civil liberties. The Senate may try again in September, but with few legislative days remaining on the congressional calendar, the election looming, and a busy lame duck session in the offing, the more likely outcome is that, following the election, the next administration—whether led by President Obama or Governor Romney—will address the national cybersecurity problem through executive action. Because corporate systems will be the primary focus of cybersecurity reforms, it is an ideal time for companies and their in-house counsel to assess the strength of their existing cybersecurity programs. Indeed, for corporate counsel, cybersecurity must figure prominently in any conversation about long-term strategic risks to their company’s interests. An important strategic consideration for an internal assessment is, of course, the form that executive action may take. Consider the following:

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2017 ALM Media Properties, LLC. All Rights Reserved.