The Software & Information Industry Association (SIIA) said...

requirements on all information technology companies. The notice “appears to suffer from a fundamental flaw that does not reflect the carefully crafted scope of the Executive Order: It sweeps all IT companies or their customers into the same regulatory basket as the most critical infrastructure systems,” SIIA said Wednesday in comments filed with the General Services Administration. The order was narrowly tailored to apply to “critical infrastructure” that, if incapacitated or destroyed, would have a debilitating effect on U.S. security, public health or safety, SIIA said. “Not all systems fall under this definition and thus not all systems and assets should be required to comply with this level of regulation,” the group said. SIIA encouraged GSA, the Defense Department, the Department of Homeland Security and the Federal Acquisition Regulatory Council to “resist an approach that is overly-prescriptive. ... The result of this approach would be to stifle innovation and create an impediment to enhancing cybersecurity” (http://bit.ly/10TNrUM). The Telecommunications Industry Association (TIA) told GSA in comments that implementation of Obama’s order should keep in mind the success of public-private partnerships in addressing cybersecurity threats, as well as the importance of industry-driven adoption of best practices and standards. TIA also recommended the government enable better cyberthreat information sharing between the public and private sectors; the group also asked the government to increase information and communications technology research funding and address economic barriers that critical infrastructure owners and operators will encounter in securing cyberspace (http://bit.ly/13LpTG0). Comments are due to GSA by June 12 (http://1.usa.gov/14y0Wxf).