COMMENTARY

A cyber bill worth enacting

Despite some industry concerns, the Senate cybersecurity bill hits the right marks

We have routinely supported those who call for the overhaul of the Federal Information Security Management Act and highlight the need for more effective, real-time situational awareness in securing federal information systems. So the long-awaited cybersecurity bill (S. 3480) introduced in the Senate June 10 by Sens. Joe Lieberman (I-Conn.), Susan Collins (R-Maine) and Thomas Carper (D-Del.) is welcome news — and an important milestone that should draw cheers from many quarters.

The 2010 Protecting Cyberspace as a National Asset Act stands out among a recent flurry of congressional efforts to address national cybersecurity, in part for what the bill proposes and what it does not and because of its probability of being enacted.

The legislation, among other measures, would create a White House Office of Cyberspace Policy, led by a Senate-confirmed director, to oversee all federal cybersecurity efforts. It also would create a National Center for Cybersecurity and Communications at the Homeland Security Department to defend .gov networks and oversee the defenses of the nation’s most critical infrastructure. 


Related stories:

FISMA reform would elevate White House’s cyber authority

Consensus is growing for reform of flawed FISMA


Less visible but equally important, the legislation would set up a more clearly defined framework for government and the private sector to develop a baseline of security requirements that DHS would enforce for that infrastructure. It would provide DHS much-needed help in building its cyber workforce. 

The bill also recognizes the role federal procurement can play in getting vendors to do their part in the cyberspace ecosystem by focusing new attention on the potential vulnerabilities in the global supply chain — by requiring language in actual contract specifications, not just the Federal Acquisition Regulation, that addresses the integrity of products delivered to the government.

And it would at last do away with a central flaw of FISMA, by removing the outdated manual reporting requirement that wastes, by some estimates, $500 million every year, and replacing it with a requirement to move toward continuous automated monitoring and a foundation for dynamic cyber defense.

One provision of the bill, not surprisingly, has stirred up vocal concern in industry because it would give the president sweeping authority to order companies to take specific security actions to protect private networks from possible cyberattacks.

The concern is that government is too slow to respond and shouldn’t be telling the private sector how to manage its risks. Admittedly, DHS still has a way to go to prove itself. But the bill would actually help DHS better execute its charge to coordinate the situational awareness and forensics activities needed to respond to national cyberattacks. The intent of the legislation is to isolate catastrophic threats. That should actually provide incentives for key industry players to work more closely with DHS for the greater good, which is what this bill is about and why it deserves to reach the president’s desk and become law.

 

About the Author

Wyatt Kash served as chief editor of GCN (October 2004 to August 2010) and also of Defense Systems (January 2009 to August 2010). He currently serves as Content Director and Editor at Large of 1105 Media.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.