While security should be mandatory, the government cannot expect private industry to share information without protection from lawsuits related to customer privacy, Jennex said. There is also the issue of protecting data that a competitor could use.
"What I would like to see is a presidential order that allows companies and industries to work together, share attack information and risk information, and come to a consensus on what to do; all without the fear of being sued by customers," Jennex said.
Also, to avoid laws that become outdated quickly, Congress should focus on establishing data-sharing processes and security requirements, without dictating which technology is used, he said.
Congress failed last year to pass the Cyber Security Act of 2012. Opponents who managed to derail the bill included business groups, which argued it contained unnecessary and onerous regulations, and privacy advocates, who said it did not go far enough to protect personal communications.
The latest proposal has drawn support from Janet Napolitano, secretary of the Department of Homeland Security. In urging Congress to pass legislation, Napolitano told the Wilson Center think tank in Washington that lawmakers should not wait for a "9/11 in the cyber world."
"There are things we can and should be doing right now that, if not prevent, would mitigate the extent of damage," a Reuters report quotes Napolitano as saying.