New Legislation Would Federalize Cybersecurity
Hugh Pickens writes "Senators Jay Rockefeller and Olympia J. Snowe are pushing to dramatically escalate US defenses against cyberattacks, crafting proposals in Senate legislation that could be introduced as early as today, that would empower the government to set and enforce security standards for private industry for the first time. The legislation would broaden the focus of the government's cybersecurity efforts to include not only military networks but also private systems that control essentials such as electricity and water distribution. 'People say this is a military or intelligence concern, but it's a lot more than that,' says Rockefeller, a former intelligence committee chairman. 'It suddenly gets into the realm of traffic lights and rail networks and water and electricity.' The bill, containing many of the recommendations of the landmark study 'Securing Cyberspace for the 44th Presidency' (PDF) by the Center for Strategic and International Studies, would create the Office of the National Cybersecurity Adviser, whose leader would report directly to the president and would coordinate defense efforts across government agencies. The legislation calls for the appointment of a White House cybersecurity 'czar' with unprecedented authority to shut down computer networks, including private ones, if a cyberattack is underway. It would require the National Institute of Standards and Technology to establish 'measurable and auditable cybersecurity standards' that would apply to private companies as well as the government. The legislation also would require licensing and certification of cybersecurity professionals."
Re:Cybersecurity "Standards" (Score:3, Informative)
Re:Never was the "It's a Trap" Tag More Appropriat (Score:5, Informative)
What about SELinux?
Isn't it NSA sponsored?
Re:More Than Meets The Eye (Score:1, Informative)
Name a defense company. It's a veritable Who's Who of Beltway Bandits.
No, it is Liberal Fascism (Score:1, Informative)
You can even read the book or the blog [nationalreview.com]
Re:Not such a good idea (Score:5, Informative)
- Not abuse access to data held by said companies
Let me get this straight, NSA (the agency recommended for the job according to tfa) will conduct "ongoing audits" of private networks owned by the utilities (telecoms too?) and nowhere does it say that this does not include access to mountains of data held by those utilities on just about every person in the US.
Re:Enforcing compliance... (Score:4, Informative)
I'm pretty sure the government and military also run Linux/BSD/Unix in certain applications, so it would be silly to assume that they wouldn't write legislation in such a way that such OSes would be included.
I imagine something of a "security certification requirements" that the ruling body of each OS would put forth (i.e., each Linux distro would put forward a list, as well as Microsoft for Windows, Apple for OS X, etc). This list would be submitted to the government/whatever authority, and they would use this list in testing whether or not individual IT installations are complicit. The list, if implemented, would also have to assure that the OS's operation would meet the government's "cyber-security requirements".
In other words, I don't imagine the government would completely ignore Linux to give a leg-up on Microsoft. Not only would that fall in the face of the whole anti-trust suit with MS, but also the government would have to shut down its own systems running non-MS operating systems. That approach doesn't appear to make any sense.