Contact

  • General Inquiries
    202.872.1260
    info@brt.org
  • Mailing Address
    300 New Jersey Avenue, NW
    Suite 800
    Washington, D.C. 20001
  • Media Contact
    Amanda DeBard
    Director
    adebard@brt.org

Membership Contact
LeAnne Redick Wilson
Senior Vice President
​lwilson@brt.org

    

What is Business Roundtable

Business Roundtable (BRT) is an association of chief executive officers of leading U.S. companies working to promote sound public policy and a thriving U.S. economy.

A better approach toward cybersecurity

Jan 9, 2013
Carter Wood

It’s time for a “reset” in the public policy debate over cybersecurity to avoid a governmental-dominated approach heavy with regulation, Business Roundtable said today in releasing a new report that proposes an alternative strategy that builds upon information sharing.

BRT’s release of the report, “More Intelligent, More Effective Cybersecurity Protection,” comes as President Obama is readying an executive order to expand federal agencies’ authority in the cybersecurity realm and Congress begins another debate on the issue.

CEOs believe a “true public-private collaboration” would be more effective than a mandated, "top-down regulatory approach,” said Mike Manchisi, group executive of MasterCard Worldwide's global processing business. Ajay Banga, President and CEO of MasterCard Worldwide, chairs BRT Information and Technology Committee. (News release)

Manchisi, BRT President John Engler, and BRT Vice President Liz Gasster briefed the media on the report today. Mastercard's Banga was also interviewed in The Wall Street Journal, "Cyber Attacks Bring Call for Help."

“When you think about cybersecurity, it’s less about physical security and law enforcement. It’s probably more akin to intelligence and cyberespionage, so the flexibility and responsiveness in this space is going to be very essential to countering what are very rapidly evolving threats,” Manchisi said. "The missing piece of this is really robust, two-way information sharing that has the appropriate legal and privacy protections between business and government.”

With legislation protecting companies, the report states, CEOs are committed to:

  • Investing in the infrastructure necessary to receive shared threat information;
  • Developing the capabilities required to integrate cybersecurity threat and risk information into CEO risk management; and
  • Recommending that boards of directors, as part of their risk oversight functions, continue to periodically review management’s business resiliency plans, including cybersecurity- and oversee-related risk assessment and risk management processes.

BRT's Engler also emphasized the need for flexibility, for which government mandates are ill-suited.

It’s  a new engine, it’s a new technology, it’s a new material. It’s something that has real value as an asset in the marketplace...

What you’re trying to protect is constantly changing, and the threat of what they’re trying to do to get at it, is constantly changing, so there’s no ability to pick, [for example] that on January 20, 2013, we put this rule in place and we’re going to have a party. We solved the problem! January 21, you have a different problem.

The report follows a year of analysis of the issue by Business Roundtable and its member CEOs, who are intent on pursuing effective cybersecurity strategies.

"The CEOs themselves, across all of the sectors – chemical sector, oil and gas sector, electric sector, financial services – are saying this is extremely important to us," the BRT's Gasster said. "We take this seriously, we will oversee cybersecurity and make it a priority, and set a culture in our companies that this is a top priority across all our infrastructure."

More ...

UPDATE (10:45 a.m., Jan. 10, 2013):

Related: