Senate security bill would put burden on contractors

An ambitious bill introduced last week in the Senate aims to improve cybersecurity in federal government by laying new responsibilities on contractors in the areas of training, procurement and technical standards.

The measure, one of two cybersecurity bills that Sens. John Rockefeller (D-W.Va.) and Olympia Snowe (R-Maine) introduced last week, would require the licensing and certification of anyone providing cybersecurity services to a federal agency or information system or network designated as critical infrastructure. The Commerce Department would determine those requirements.

Some observers point out that many other professions require extensive licensing and certification.

Alan Paller, director of research at the SANS Institute, said it will be important to determine to whom the certification requirements should apply. For example, Paller said people with jobs that involve managing systems have large responsibilities for cybersecurity, even though they are not necessarily considered security professionals.
 
James Lewis, director of the Center for Strategic and International Studies’ Technology and Public Policy program, said the certification proposal would require people to show they have the necessary training and knowledge. That would be part of what he sees as an ongoing effort to nudge the information technology industry to greater maturity. 

The legislation would also call for the development of validation standards for software purchased by government. Lewis said reform in the procurement process is widely seen as a way to encourage better cybersecurity.

Experts, federal officials and industry remain fixated on the Obama administration’s ongoing 60-day cybersecurity review, which is expected to lead to a new cybersecurity strategy that involves government and the private sector.

John Stewart, chief security officer at Cisco Systems, said government and industry need to be mindful of the speed with which the IT industry changes. 

“If we codify something that doesn’t have elasticity in it, or by the way gets highly prescriptive, what we’ll end up doing is solving a moment in time to a one degree and then not be able to adapt to the next moment,” Stewart said. 

About the Author

Ben Bain is a reporter for Federal Computer Week.
