Thursday, June 24, 2010

Senate Committee Adopts CyberSecurity Legislation

The U.S. Senate Homeland Security and Governmental Affairs Committee approved a major cybersecurity bill that would "fundamentally reshape" the way the federal government protects public and private sector cyber networks.

The Protecting Cyberspace as a National Asset Act of 2010 (S.3480), which is sponsored by Senators Lieberman, Collins, and Carper, would create a White House Office of Cyberspace Policy to lead federal and private sector efforts to secure critical cyber networks and assets.

The office would be led by a Senate-confirmed director who would be accountable to the public. The bill also creates a new center within the Department of Homeland Security (DHS) to implement cybersecurity policies as they pertain to federal and private sector networks.

"Catastrophic cyber attack is no longer a fantasy or a fiction," Lieberman said. "It is a clear and present danger. This legislation would fundamentally reshape the way the federal government defends America's cyberspace. It takes a comprehensive, risk-based, and collaborative approach to addressing critical vulnerabilities in our own defenses. We believe our bill would go a long way toward improving the security of our government and private critical infrastructure, and therefore the security of the American people."

Some industry reaction:

Sara C. Santarelli, Chief Network Security Officer at Verizon: "Unfunded regulatory mandates and command-and-control type governance must be avoided. The most effective approach, which appears to be the direction that this bill is taking, is a public-private partnership where government provides assistance and expertise to the private sector, coupled with incentives like confidentiality and
liability protection to encourage the private sector to implement desired activities and with freedom to take decisive actions."

Mark Bregman, Executive Vice President & Chief Technology Officer at Symantec:

"This important legislation will enhance and modernize our nation‟s overall cybersecurity posture in order to safeguard our critical infrastructure from attack. The bill also importantly recognizes cybersecurity as a shared government and private sector responsibility which requires a coordinated strategy to detect, report and mitigate cyber incidents."

See also