This posting is a follow-up to an earlier posting on this website regarding recent legislative activity in the Senate and around the long awaited cyber security and FISMA reform bill.
The Protecting Cyberspace as a National Asset Act of 2010 – sponsored by Committee Chairman Joseph Lieberman, ranking Republican Susan Collins and Tom Carper – would provide a framework for the president to authorize emergency measures to protect the mostly privately owned critical IT infrastructure – such as financial networks and utility grids – if a cyber attack is imminent. Owners of these critical IT systems could face civil penalties if they don’t follow regulations to secure them properly.
The bill provides for the government and industry to collaborate on defining regulations and situations when a cyber emergency could be declared.
This bill would create two cybersecurity directors – one in the White House and the other in the Department of Homeland Security (DHS) – to lead the federal government’s information security efforts.
The bill also would reform the Federal Information Security Management Act (FISMA), the 8-year-old law that governs how federal agencies secure their IT systems by jettisoning the paper-based compliance process with one that emphasizes continuous monitoring of computer systems and red-team assaults by “friendly hackers” to test vulnerabilities.
According to a committee-provided summary of the Protecting Cyberspace Act, a White House Office of Cyberspace Policy, headed by a Senate-confirmed director, would advise the president on all cyber security matters. The director would lead and harmonize federal efforts to secure cyberspace and would develop a national strategy that incorporates all elements of cybersecurity policy, including military, law enforcement, intelligence, and diplomacy. The director would oversee all federal activities related to the national strategy to ensure efficiency and coordination. The director would report regularly to Congress in the interests of transparency and oversight.
However, much of the day-to-day authority in implementing government cybersecurity policy would be granted to a Senate-confirmed director of the National Center for Cybersecurity and Communications, or NCCC, who would report to the secretary of Homeland Security and to the president through the Office of Cyberspace Policy. The NCCC would also oversee the United States Emergency Response Team, or U.S.-CERT, and lead federal efforts to protect public and private sector cyber and communications networks.
We believe that while there is yet more to be said and final decisions to be made over this matter, it is nonetheless, a good practice to keep our readers informed of all recent developments related to this critically important topic of cybersecurity.
Click here to read more about this important cybersecurity development and pass this information along to the information security and risk management team members in your organization.