A recent bill that called for cybersecurity reform was blocked from the Senate floor last week. The bill would have forced the providers of critical infrastructure, defined as a system or asset that damage or unauthorized access could reasonably result in the interruption of life-sustaining services, including energy, water, transportation, emergency services, or food sufficient to cause a mass casualty event that includes an "extraordinary number of fatalities" or "mass evacuations with a prolonged absence", to improve their security.
The bill calls for companies to have a third party assess their security measures and then bring them up to speed. There is much more to the bill, but the main push is to get companies that provide critical infrastructure to protect themselves adequately. We already know there are groups that want to attack us. We have been attacked. Other countries have been attacked. The threat of a network attack isn't some specter that people are using as a scare tactic to pass other laws, it is a real defense issue.
While the Department of Defense already provides civilian agencies with help on cybersecurity, the bill would have been a matter of making sure critical infrastructure is safe by helping companies protect themselves and punishing those who did not take the right steps. The government has already said a serious attack can be grounds for war, so why can't we act and actually protect our vital assets?
The Obama administration may be issuing executive order to shore up cybersecurity in the mean time.
The full text of the bill is available here.
No comments:
Post a Comment