Legislation Would Create New Cybersecurity Regulations
Two U.S. senators have introduced legislation that would overhaul the nation's cybersecurity efforts, and would reportedly allow the government to regulate some private company cybersecurity efforts for the first time.
Earlier this week, Fortify released a white paper focused on building security into government software. That report looks at the best practices of organizations that have had good cybersecurity track records, and recommends that government organizations need strong leaders, strong cybersecurity expertise and a focus on preventative security standards.
In addition, government organizations need to push security in their acquisition processes and focus on fixing or replacing their legacy software, the report says.
"The issue is we've got to attach a new sense of urgency on [cybersecurity]," said Howard Schmidt, president and CEO of the Information Security Forum and an advisor to the CSIS cybersecurity group and to Fortify. "We go through this constant cycle of beating ourselves up, beating ourselves up, instead of getting it right from the onset."
Schmidt, a former cybersecurity advisor to eBay, Microsoft and the White House, called the Federal Information Security Management Act (FISMA) of 2003, a law that subjects federal agencies to annual cybersecurity reviews, a largely unsuccessful "exercise in paperwork." FISMA grades federal agencies in several security areas.
Instead of checking off the boxes that are part of the regulations, federal agencies could be working on preventative cybersecurity measures, he said.
"In some sense, it's good to know the house is on fire," added Chess. "But let's stop what's causing the fire."
Fortify Software
Receive the latest security news as it breaks.
