Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Debate Over Cybersecurity Legislation Continues

The journey towards the adoption of cybersecurity legislation has had a number of false starts during the Obama administration, and that journey is far from over.

The journey towards the adoption of cybersecurity legislation has had a number of false starts during the Obama administration, and that journey is far from over.

If a joint hearing Thursday by the U.S. Senate Commerce and Homeland Security committees is any indication, opinion on the Hill remains divided in regards to what the next step should be to improve both security and cooperation between government and business.

Cybersecurity Legislation“The Obama administration got tired of waiting for us; I can’t blame them,” said Sen. John D. Rockefeller IV (D-WV), as he lamented the failure of multiple efforts at passing cyber-security legislation.

The executive order signed by U.S. President Barack Obama last month expands the voluntary Enhanced Cybersecurity Services program and paves the way for security clearances for personnel at critical infrastructure companies are expedited. It also includes a provision directing the National Institute of Standards and Technology (NIST) to lead the development of a framework of cybersecurity best practices and standards for critical infrastructure providers.

The order was issued despite criticism from some members of the Republican Party who felt the president was acting unilaterally. At the hearing, Sen. Tom Coburn, (R-OK), said the principal disagreement about legislation has centered on the issue of liability protection for businesses. There hasn’t been a single person who has testified at hearings he has attended on the issue with Sen. Tom Carper (D-DE) that didn’t recognize the need for such protections against “frivolous lawsuits,” he said.

If there is a place for new legislation, it is in the area of providing reasonable protection for information sharing between industry and government, testified David Kepler, chief information officer of the Dow Chemical Company. Kepler stated that his company does not support proscriptive legislation that would place a burden on business, and that because cyber-security threats are constantly in flux, response to them has to be fluid and risk-based.

“The key principles of collaboration are: one, advancing more specific and timely information sharing between government industry and my industry peers; two, reasonable protection for sharing threat or attack information between the government and other companies; and finally, it also has to lead to aggressive pursuit and prosecution of cybercriminals,” he said.

U.S. Department of Homeland Security Secretary Janet Napolitano noted in her testimony that the budget situation is impacting the battle for control of cyberspace.

“We also know that threats to cyber space and the needs to address them do not diminish because of budget cuts,” she said. “Even in the current fiscal climate we do not have the luxury of making significant reductions to our capabilities without having significant impacts.”

Advertisement. Scroll to continue reading.

“In order to be able to best meet this growing threat, we need Congress to enact a suite of comprehensive cybersecurity legislation,” she said. “I appreciate the efforts made in the last congress to pass bipartisan legislation, but the inability to get this done has indeed required the president to take executive action.”

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybercrime

On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.