Analysis: New cyber bill dials back regulatory aspects of earlier versions
Monday - 7/23/2012, 1:23pm EDT
"The version of the bill they are now considering significantly dials back the regulatory component," said Rob Strayer, the director of the Homeland Security Project at the Bipartisan Policy Center. "It makes it strictly voluntary that companies have to comply with cybersecurity performance standards."
Strayer worked on two reports for the BPC about the various cybersecurity bills Congress is considering: "Cyber Security Task Force: Public/Private information sharing" and "Cyber Security Legislation Privacy Protections are Substantially Similar."
Rob Strayer, director, Homeland Security Project, Bipartisan Policy Center
"The only actual requirement in there seems to be in that for a significant cyber incident, a company that owns critical infrastructure assets would have to report that to the government," Strayer said.
The new bill establishes a council to coordinate between various departments, which Strayer considered an "elegant" way to address cybersecurity.
"Many different departments have regulatory or some kind of oversight for different sectors of industry that have cybersecurity issues. And it keeps the Secretary of Homeland Security as the chair of this council and the secretary still writes the information sharing procedures and regulations that had been so controversial on the way," he said.
Under this model, the Department of Homeland Security would set the rules for information reporting and sharing but not the cybersecurity practices that businesses would have to impose to keep themselves safe. Previously, DHS could also set the standards the businesses operated under.
Strayer said that the bill would go a long way toward securing industry networks. One thing that the most recent BPC report called for, and that was lacking in the previous cybersecurity bills, was the inclusion of emergency authorities.
"If there was an emergency over our critical infrastructure networks in our country, it's unclear how the federal government would be able to require the private sector to take emergency steps to remedy that," Strayer said. "That's something we think should be thought out well in advance."
This story is part of Federal News Radio's daily Cybersecurity Update.