Legislation Would Create New Cybersecurity Regulations
Two U.S. senators have introduced legislation that would overhaul the nation's cybersecurity efforts, and would reportedly allow the government to regulate some private company cybersecurity efforts for the first time.
Wed, April 01, 2009
IDG News Service — Two U.S. senators have introduced legislation that would overhaul the nation's cybersecurity efforts, and would reportedly allow the government to regulate some private company cybersecurity efforts for the first time.
Senator Jay Rockefeller, a West Virginia Democrat, and Senator Olympia Snowe, a Maine Republican, introduced the legislation Wednesday but some details were not immediately available. Earlier Wednesday, the Washington Post reported that the legislation will include new mandates on government networks and on private networks that control electrical grids, water distribution and other essential services.
A spokeswoman for the Senate Commerce, Science and Transportation Committee, of which Rockefeller is chairman, said Wednesday she had few details about the bill Wednesday afternoon. The bill would establish a new national cybersecurity advisor in the executive office of President Barack Obama, and it would "remake the relationship between the government and the private sector on cybersecurity," a committee news release said.
"We must protect our critical infrastructure at all costs -- from our water to our electricity, to banking, traffic lights and electronic health records -- the list goes on," Rockefeller said in a statement. "It's an understatement to say that cybersecurity is one of the most important issues we face; the increasingly connected nature of our lives only amplifies our vulnerability to cyber attacks and we must act now."
Rockefeller said during a March 19 hearing that he and Snowe were working on a bill, with part of the focus on encouraging more U.S. students to study cybersecurity. But he also complained that few U.S. residents paid attention to the country's cybersecurity problems.
"I regard [cybersecurity] as a profoundly and deep troubling problem to which we are not paying much attention," he said then. "The problem is America is unacceptably exposed to massive cybercrime."
He called then for government leaders and the private sector to work together on cybersecurity. "We need a coordinated public-private response, and currently, one does not exist," Rockefeller said.
Rockefeller and other lawmakers have recently raised concerns that cyberterrorists could attack and bring down U.S. infrastructure, including banks, air traffic control, rail control and telecommunication. The legislation he has introduced roughly follows the guidelines set out in a December report from a commission of cybersecurity experts organized by the Center for Strategic and International Studies (CSIS), a Washington, D.C., think tank, according to the commerce committee news release.
But some cybersecurity experts have questioned whether new regulations for the private sector would improve security. "Security is an attitude and it's hard to legislate attitude," said Brian Chess, founder and chief scientist at Fortify Software, a cybersecurity vendor. "It has more to do with understanding the impact of insecure software on the organization. The companies that are leading in this area are doing it as part of a compliance effort but they recognize it is cheaper to deploy preventative security."
