July 28, 2021 The central question raised by today’s National Security Memorandum (NSM) on Improving Cybersecurity for Critical Infrastructure Control Systems is what should take the place of a voluntary approach to cybersecurity. This responsibility falls on Congress. In many areas, Congress has realized that the United States is in a contest with China. The Chinese think the United States is unable to govern itself. Providing the authorities needed for better cybersecurity is an opportunity to prove China wrong. Proposed legislation in 2012 would have given the Department of Homeland Security (DHS) the authority to regulate critical infrastructure, but it was fiercely opposed by many in the private sector. One result of this failure to pass legislation in 2012 has been more than a decade of significant economic loss (probably more than $1 trillion in aggregate) and major damage to national security.