Posted on April 3, 2009
Sen. John Rockefeller and Sen. Olympia Snowe this week introduced proposed cybersecurity legislation that would create a cabinet-level cybersecurity advisor reporting directly to President Obama — and also create extraordinary powers to enable the federal government to take over leadership in making the Internet safer.
This comes with word expected any day now from Melissa Hathaway, the management consultant tasked by President Obama to conduct a 60-day review of U.S. cybersecurity policy.
Rockefeller-Snowe reflects the wide, bi-partisan consensus that has already gelled in the security community about the need for the federal government, directed by the White House, to step forward.
The proposed legislation echoes the recommendations in this report, delivered last December, to then President-elect Obama by the Center for Strategic and International Studies (CSIS), and reinforced by this report delivered earlier this year to the Senate, from the Dartmouth College-based Institute for Information Infrastructure Protection (I3P).
With cyber threats continuing to rise to unprecedented levels, across the board, endangering consumers, all businesses and our national security, LastWatchdog says, “Let the debate begin, and let’s get moving forward!”
Here are some early reactions to the Rockefeller-Snowe cybersecurity bill from folks paying close attention:
Patricia Titus, CISO at Unisys: “I’m impressed by the section of the bill that calls for National Institute of Standards and Technology (NIST) to develop cybersecurity metrics and compliance tests. Most of the framework has already been completed by NIST, so this might be viewed as now ‘operationalizing’ the framework. But I’m concerned because it’s taken us more than seven years to refine the existing Federal Information Security Management Act, and this legislation calls for completion in one year, which seems aggressive. This work is critical, and we need to do it right the first time.”
Mandeep Khera, CMO at CENZIC: “We think this type of a bill is long overdue. There’s a virtual war being launched against the United States – both in private and public sectors – from other countries and we are not even aware of our weaknesses. Forget about fighting them, we first need to understand these vulnerabilities at the entire infrastructure layer and understand where most of the attacks are coming from. Once we know the weaknesses, we need to put together a plan to enforce compliance for all organizations and provide help where the smaller companies cannot afford to be compliant by offering special tax breaks or other government aid.”
Leslie Harris, President and CEO at Center for Democracy and Technology: “The cybersecurity threat is real. But such a drastic federal intervention in private communications technology and networks could harm both security and privacy.”