Senate bill mandates strong federal role to make Internet safer

April 3rd, 2009

Sen. John Rockefeller and Sen. Olympia Snowe this week introduced proposed cybersecurity legislation that would create a cabinet-level cybersecurity advisor reporting directly to President Obama — and also create extraordinary powers to enable the federal government to take over leadership in making the Internet safer.

This comes with word expected any day now from Melissa Hathaway, the management consultant tasked by President Obama to conduct a 60-day review of U.S. cybersecurity policy.

Rockefeller-Snowe reflects the wide, bi-partisan consensus that has already gelled in the security community about the need for the federal government, directed by the White House, to step forward.

The proposed legislation echoes the recommendations in this report, delivered last December, to then President-elect Obama by the Center for Strategic and International Studies (CSIS), and reinforced by this report delivered earlier this year to the Senate, from the Dartmouth College-based Institute for Information Infrastructure Protection (I3P).

With cyber threats continuing to rise to unprecedented levels, across the board, endangering consumers, all businesses and our national security, LastWatchdog says, “Let the debate begin, and let’s get moving forward!”

Here are some early reactions to the Rockefeller-Snowe cybersecurity bill from folks paying close attention:

Patricia Titus, CISO at Unisys: “I’m impressed by the section of the bill that calls for National Institute of Standards and Technology (NIST) to develop cybersecurity metrics and compliance tests. Most of the framework has already been completed by NIST, so this might be viewed as now ‘operationalizing’ the framework. But I’m concerned because it’s taken us more than seven years to refine the existing Federal Information Security Management Act, and this legislation calls for completion in one year, which seems aggressive. This work is critical, and we need to do it right the first time.”

Mandeep Khera, CMO at CENZIC: “We think this type of a bill is long overdue. There’s a virtual war being launched against the United States – both in private and public sectors – from other countries and we are not even aware of our weaknesses. Forget about fighting them, we first need to understand these vulnerabilities at the entire infrastructure layer and understand where most of the attacks are coming from. Once we know the weaknesses, we need to put together a plan to enforce compliance for all organizations and provide help where the smaller companies cannot afford to be compliant by offering special tax breaks or other government aid.”

Leslie Harris, President and CEO at Center for Democracy and Technology: “The cybersecurity threat is real. But such a drastic federal intervention in private communications technology and networks could harm both security and privacy.”

 
eric johnson
Guest

Great to see some progress. Developing the right incentives for a productive public/private partnership is the key to success.

Nicole
Guest

Excellent post. It is interesting to see the proposed legislation echoing the recommendations delivered last December by the CSIS Commission on Cybersecurity for the 44th Presidency. I look forward to your future postings on this very important legislation.

Scayne
Guest

Cool post. Good to see that some progress is finally being made on the subject.

Bob Pollock
Guest
Congratulations to this new Administration and for finally recognizing that our biggest vulnerability is the “Breaching of our Critical Infrastructures.” If the LAX Airport breach covering a 48 hour period last year caused massive chaos coupled with major highway disruptions, just imagine what will happen if they took down an assortment of our Critical Infrastructures at once!!! They will defeat us by simply causing one global economic “meltdown.” Look what they did to little Estonia & Panama’s Electric Grid last year. Russia finally admitted guilt on the Estonia take down for 24 hours. Even our Utility networks (SCADA) are at…
Mandeep Khera
Guest

Great post. This bill is very important but at the same time we need to keep privacy rights in mind. Public/Private partnership will bring in great ideas while having the government’s backing and infrastructure. You are right – “let’s get it moving forward” before it’s too late.

G.Adams
Guest

The government and the WH, we’ll end up with an Orwellian net. No better to suffer. No problem with NIST writing standards that is part of function, but let us tread carefully before granting such broad power to a cabinet (political) level agency.

D.
Guest
Well, for all of us that spend their $$ on security certifications like CISSP or GSEC, we can kiss it goodbye because we’ll be felons if we don’t get federally licensed and certified. And since FISMA passed and federal government consistently gets F grades for their security, how can this bill make anything better, and in 1 year to boot! I may lose my job - I refuse to be a federally licensed employee. Our small company may fold if the “license” and “certification” is too expensive – is it ransom? Did you read the bill, it could be interpreted that…
Jeff Kalwerisky, Chief Security Evangelist, Alpha Software
Guest
The concept of a cabinet-level Federal CISO makes sense, and kudos to the Obama administration. However, like anything else, the devil is in the details. To date, the Fed’s information security record is decidedly mixed, with numerous examples of great ideas that either never get implemented or which take forever, due to bureaucratic foot dragging. In the article, Patricia Titus of Unisys, mentions the example of FISMA (the Federal Information Security Management Act) which has taken almost seven years to get working. But keep reading. In similar vein, HIPAA (the Health Insurance Portability and Accountability Act), which has the laudable…
jerry
Guest

Are you folks mad?? You would give the power over the exercise of free speech on the internet to one person or agency? Whatever happened to privacy? What about checks and balances in our government? Don’t get rid of your printers and typewriters yet. It may be the ONLY way free speech will survive this power grab.
