Crossroads Blog | Institute National Security and Counterterrorism

Legislation

Senate Cybersecurity Bill Sparking Concerns About Government Control: The Hill

On Jan. 29th, 2012, Gautham Nagesh wrote for The Hill on comprehensive cybersecurity legislation.  Apparently one cybersecurity bill will make it to the Senate floor this week.  That bill has not been publicly released.  

As for the bill, the article explained that it gives DHS regulatory power over critical infrastructure.  These provisions, however, have left critical infrastructure owners concerned.  According to the article, some believe that the bill would give DHS overbroad powers to determine whether the private sector has an adequate cybersecurity management approach.  This is the concept of intervention authority: allowing the government to intervene in the private sector's cybersecurity practices when the data at hand is extremely important.  The article quoted Sen. Joe Lieberman on intervention authority:

"The federal government must protect its own information. When this information is processed or stored by a contractor on behalf of an agency and isn't as secure as it should be, the government needs to have the authority to step in and improve security."

In essence, private entities fear that the US government will abuse its intervention authority by broadly interpreting what counts as important information.

Supporters of the bill believe that these concerns are overblown.  The article noted that the bill applies to sensitive government data, not necessarily all government data.  Thus, the US government couldn't use its intervention authority for just any government data on private systems.  Moreover, the bill is not in final form; it appears likely that some provisions will be modified in committee.  Finally, this bill was presented as a less drastic alternative to internet kill switch legislation.  In comparison, this cybersecurity bill is "gentle."  That gentleness should hopefully sway critics.

One interesting point on the political debate over cybersecurity regulation: the article explained that everyone agrees that limited regulation is needed.  The debate really comes down to "which industries are regulated under the critical infrastructure portion of the bill and to what extent."

You can find The Hill source article here.
