Analysis: New cyber bill dials back regulatory aspects of earlier versions
Monday - 7/23/2012, 1:23pm EDT
"The version of the bill they are now considering significantly dials back the regulatory component," said Rob Strayer, the director of the Homeland Security Project at the Bipartisan Policy Center. "It makes it strictly voluntary that companies have to comply with cybersecurity performance standards."
Strayer worked on two reports for the BPC about the various cybersecurity bills Congress is considering: "Cyber Security Task Force: Public/Private information sharing" and "Cyber Security Legislation Privacy Protections are Substantially Similar."
Rob Strayer, director, Homeland Security Project, Bipartisan Policy Center
"The only actual requirement in there seems to be in that for a significant cyber incident, a company that owns critical infrastructure assets would have to report that to the government," Strayer said.
The new bill establishes a council to coordinate between various departments, which Strayer considered an "elegant" way to address cybersecurity.
"Many different departments have regulatory or some kind of oversight for different sectors of industry that have cybersecurity issues. And it keeps the Secretary of Homeland Security as the chair of this council and the secretary still writes the information sharing procedures and regulations that had been so controversial on the way," he said.
Under this model, the Department of Homeland Security would set the rules for information reporting and sharing but not the cybersecurity practices that businesses would have to impose to keep themselves safe. Previously, DHS could also set the standards the businesses operated under.
Strayer said that the bill would go a long way toward securing industry networks. One thing that the most recent BPC report called for, and that was lacking in the previous cybersecurity bills, was the inclusion of emergency authorities.
"If there was an emergency over our critical infrastructure networks in our country, it's unclear how the federal government would be able to require the private sector to take emergency steps to remedy that," Strayer said. "That's something we think should be thought out well in advance."
This story is part of Federal News Radio's daily Cybersecurity Update.