Recently our staff came across an article written by Kevin Beaver, entitled, “Why the Cybersecurity Act is better for Government than Business”, and, posted on the SearchComplianc.com website.
Several comments received on this website indicate an interest from our readership to stay on top of this cyber security topic and we believe that Mr. Beaver’s article does just that.
One of the reasons stated for this article is that the Cybersecurity Act of 2009 is not getting the attention it deserves. And, the assumption that Mr. Beaver bases his position upon is that many people in corporate America assume that all the talk about “cybersecurity” involves government systems. And since Mr. Beaver believes that this is not the case, he argues that this bill is really more about government control than anything else.
In this article, Mr. Beaver goes on to state further, “….Digging deeper into the Cybersecurity Act, you begin to see the White House will be calling the shots in deciding which private networks are critical and which ones are not. But how can the White House — or any other agency — decide which networks are more critical? Are networks owned by Internet service providers, banks and universities more critical than those owned by retail, manufacturing or Internet colocation facilities?
Clearly, Mr. Beaver takes the position that this bill is good for government and bad for business.
Given such an argument, does too much government control implied in this bill affect an organization’s decision to increase their readiness level of preparedness regarding steps they take to raise network security compliance levels within that organization? Does too much government control create a fall sense of security in the sense that many small organizations may say that the government is taking care of the problem for them ….?
All interesting questions affecting information security, network security plan decisions and network security testing strategies.
And, to make matters even more difficult to monitor, especially for small business, is the fact that earlier this year the government released a committee amendment or staff working draft with the purpose to modify this bill as introduced. CLICK HERE to read that entire draft version.
Certainly we believe that this topic warrants more ongoing discussion and direction from both our government as well as our industry leaders. We also always welcome our reader’s comments.
If you found this information valuable, please pass it along to those information security, operational risk management, network security risk team members in your organization.