Lawfare: “Concerns over the possible Russian use of cyber weapons against U.S. domestic critical infrastructure in connection with the Ukraine crisis—warnings renewed on Feb. 11—should prompt reconsideration of the still-deferential posture of U.S. cybersecurity policy toward much of the private sector. Once again, though, complaints against “government mandates” may block action.For more than 30 years, the federal government’s approach to cybersecurity has been based on the concept of public-private partnership. For many sectors, that has meant no regulation, even as the threat has grown and industry’s response has lagged. It took last May’s high-profile attack on Colonial Pipeline to prompt the Transportation Security Agency (TSA) to issue its first binding directives for that one highly critical infrastructure. TSA used existing powers, not specific to cyberthreats. With congressional action to grant new regulatory authorities highly improbable, it is remarkable how many other agencies also have existing authority that could be leveraged to improve the cybersecurity of private actors under their jurisdiction…”