Commerce Secretary Penny Pritzker is floating the idea of giving businesses protections so that they can discuss cyberattacks with officials without risking any punishment.
“Laws and regulations alone cannot protect us from the emerging cyber threats,” Pritzker said at a U.S. Chamber of Commerce conference on cybersecurity Tuesday. “The federal government cannot regulate cyber risk out of existence.”
{mosads}Pritzker said that with regulations and Federal Trade Commission actions there are often civil, legal and regulatory risks that discourage businesses from acknowledging cyberattacks. She said that led to a relationship between regulators and businesses that is “inherently adversarial, not collaborative.”
That can mean that government cannot provide assistance when it would be beneficial, cannot investigate attacks or help all companies learn from past breaches.
“When companies are under attack, they do not think of how government can help them. What they see are the risks of engagement,” she said.
Pritzker advocated protections for companies willing to come forward after a breach.
“Don’t get me wrong. We must protect consumers and hold industry to high standards, but we also need real team effort and need to create the conditions for that,” she cautioned.
She compared it to dialing 911 during a medical emergency, where the doctors do not serve as agents of law enforcement.
“Government alone cannot secure our digital economy,” said Pritzker.