Readers react to Senate's cybersecurity bill
Some readers are not too impressed with a Senate bill that looks to improve cybersecurity in the public and private sectors.
The bill is a multifaceted affair, with provisions on government oversight, procurement rules and technical standards as well as others on the training, certification and licensing of cybersecurity professionals. Check out FCW's story here.
But FCW readers are a skeptical bunch. Here are excerpts from some (but by no means all) comments we received:
* Nothing will happen until it becomes mandatory in the private sector. Commercial enterprises spend more money in requirements "tell me what I have to do to get around this..." than they do becoming compliant.
* For the most part, the 'new' things espoused already exist in some fashion so I don't see much improvement in our cybersecurity posture as a result. My experiences in this arena to date all point to the same central weakness and that is not in the laws and regulations that already exist but in the people implementing them. The people at the top are bureaucratically heavy and intellectually light and therefore can never arrive....typical government operation. Can you imagine what a disposable diaper would look like if you charged the government with developing it?
* Whatever happened to the checks and balances that our Constitutional fathers envisioned? These security standards and certifications are already in existence. This is yet another example of a knee-jerk reaction by uninformed bureaucrats who are clueless about cybersecurity, yet fancy themselves to be experts because they personally use a Blackberry.
* Were the authors of the bill unaware of the existing Common Criteria program? Existing certification programs? Have they never heard of CERT, CIAC, NIST, or DISA? Hopefully they will try to build upon the existing foundation instead of starting from scratch.
And finally, a dissenter:
* Sounds like the bill is on the right track its about time IT Security got the recognition it deserves. Additionally establishing professional standards for Cybersecurity is good thing and anyone that has put up the effort and costs to keep up in the field will be rewarded.
Posted by John Stein Monroe on Apr 03, 2009 at 12:14 PM