Monday, 17 September 2012


U.S. president Barack Obama has been called upon to issue an executive order to improve the nation's computer and website security practices. Senate Intelligence Chairwoman Dianne Feinstein of California wrote an open letter to the president that expressed concerns over cybersecurity legislation efforts, predicting that effective legislation is not likely to pass within the next year.

"Therefore, I believe the time has come for you to use your full authority to protect the U.S. economy and the networks we depend on from future cyber attack," Feinstein wrote. "While an Executive Order cannot convey protection from liability that private sector companies may face, your administration can issue cybersecurity standards and provide technical assistance to companies willing to take voluntary steps to improve their security. You can also direct the Intelligence Community and the Department of Homeland Security to provide as much information as possible to the private sector about cyber threats, including classified information."

A recent article from The New American pointed out this isn't the only time the Obama administration has been called to action. Senator Jay Rockefeller of West Virginia wrote a similar letter to the president earlier this month. White House representatives said that the administration considered issuing an executive order after the Cybersecurity Act of 2012 failed to pass in the Senate.

Although the U.S. government has made several attempts to pass legislation enhancing communication between the private and public sector, those efforts have come under heavy criticism from security experts. According to a CIO blog post written earlier this month, experts said previous cybersecurity bills did not address core issues.

The article highlighted comments from Jason Lewis, chief scientist at Lookingglass Cyber Solutions, who said the problem with the bill was accountability. Voluntary guidelines such as those outlined by CISPA are not enough to protect critical infrastructure, according to Lewis. An effective cybersecurity solution would be painful for everyone, legislators and businesses included.

"If the law stated that companies involved in security incidents had to shut down their business until they could prove they had addressed the issues, the number of breaches would be low and the level of security across all sectors would improve dramatically," Lewis said.

Lewis added that organizations responsible for managing critical infrastructure would need help upgrading their technology infrastructures and implementing best-practice solutions. Making improvements to these systems without hindering operations can be costly, but the first step would be to hold organizations accountable for security.


No comments:

Post a Comment