infoTECH Feature

July 01, 2010

Senate Proposal Tries to Protect Cyberspace

A new bill that "fundamentally" reshapes the way the federal government protects government and private sector cyber networks was recently reported out of a U.S. Senate Committee.

The bill - which has its critics - tries to improve upon a similar proposal made during 2009.

The bill, known as Protecting Cyberspace as a National Asset Act of 2010, S.3480, would create a White House Office of Cyberspace Policy to lead federal and private sector efforts to secure critical cyber networks and assets.

The bill also creates a new center within the Department of Homeland Security, the National Center for Cybersecurity and Communications, to implement cybersecurity policies as they pertain to federal and private sector networks.

"Catastrophic cyber attack is no longer a fantasy or a fiction," said Independent Sen. Joe Lieberman of Connecticut, a co-author of the bill. "It is a clear and present danger. This legislation would fundamentally reshape the way the federal government defends America's cyberspace. It takes a comprehensive, risk-based, and collaborative approach to addressing critical vulnerabilities in our own defenses. We believe our bill would go a long way toward improving the security of our government and private critical infrastructure, and therefore the security of the American people."

"It's important that we realize that the threat of a catastrophic cyber attack is not theoretical. It's very real. It is not a matter of 'if' such an attack is going to occur, but when," adds Sen. Susan Collins, R-ME. "The Sergeant at Arms has reported that the computer systems in Executive Branch agencies and in congressional agencies are now under cyber attack an average of 1.8 billion times a month. That is extraordinary. Cyber crime costs our national economy billions of dollars annually. And intelligence officials have warned over and over again that these attacks are becoming more and more sophisticated. The fact is: We cannot fail to act. We can't wait until there is a cyber 9/11 and say, 'Why didn't we act? We knew this was coming.' The attacks are ongoing even as we meet. So we must act, and I believe we have drafted a responsible bill to do so."

Writing in PC Magazine, Larry Seltzer said that the bill has some reasonable motives behind it. Something should be done to improve security in the government sector and the government should be concerned with defending critical infrastructure, Seltzer said.

The main problem in this bill is the assumption that government can step in and make things better, Seltzer said.

He adds that under the bill:

The NCCC will create security regulations for critical infrastructure. The President is given authority to declare 'a national cyber emergency' specifying which covered critical infrastructure is affected. The NCCC decides, after working with the operators of the infrastructure, what measures they could take.

There is a notion that, in an emergency, the Department of Homeland Security will know how to secure private networks and sites better than the private companies that own them, Seltzer said.

There's a big difference between the government sharing intelligence with operators of critical infrastructure and ordering them to make specific configurations, Seltzer said. The owners of the critical infrastructure have been clamoring for such intelligence for years, and they get it from private intelligence firms like VeriSign's (News - Alert) iDefense, according to Seltzer. Such companies are more likely to be able to share useful information with their customers than the government, frequently constrained by secrecy rules, Seltzer said.

Seltzer also said that parts of the bill are vague.

The Homeland Security and Governmental Affairs Committee was scheduled to hold a hearing on the new bill in June.

Ed Silverstein is a contributing editor for TMCnet's InfoTech Spotlight. To read more of his articles, please visit his columnist page.

Edited by Patrick Barnard

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers