LINK: http://www.informationweek.com/government/security/congress-kills-cybersecurity-bill-white/240142198
The
Senate again held a vote on, and failed to approve, legislation which would
provide comprehensive cyber security regulatory reform. The bill in question is the Cyber Security
Act of 2012. In recent months, security
professionals and national security officials have urged Congress to act, but Republicans
and the U.S. Chamber of Commerce seem to feel the bill is inadequate and will
cost too much to implement. In light of
the lack of action by Congress over the past few months, President Obama has "signed
the classified Presidential Policy Directive 20, which sets new cyber defense
standards for government agencies, including standards for defensive measures
that might require agencies to reach outside their own networks." The official White House stance is that if
Congress is not willing to act, they will.
It is unclear how much of this is political posturing, even after the
election, but what is clear is the need for cyber security improvements for the
government and private sector. The White
House has also prepared
a draft executive order, concerning cyber security. This order would "direct the NIST to set
cyber security standards for eighteen critical infrastructure industries. The
Department of Homeland Security would encourage adoption of these standards,
and agencies responsible for regulating critical infrastructure industries
would be responsible for proposing potentially mandatory cyber security
regulations for those industries."
This
executive order might be a bandage for the time being, but it is not
comprehensive and will not offer good long term protection where it is needed
most. As Harry Reid points out, there is
no liability protection for companies should they be hit by a cyber
attack. After reading about the U.S.-China
Economic and Security Review Commission report it is clear now more than ever
this country is at risk of being hurt by a cyber attack. The report called China "the most
threatening actor in cyberspace".
Hopefully, this will not be another case of reactive government. They need to take a proactive approach in
order to prevent what some would call a cyber Pearl Harbor.
No comments:
Post a Comment