IT Security & Network Security News & Reviews - eWeek



IT Security & Network Security

What Will the Cybersecurity Act of 2009 Do to Your Job and Business?


By: Larry Seltzer
2009-04-10
Article Rating:starstarstarstarstar / 7


There are  user comments on this IT Security & Network Security News & Reviews story.



  Table of Contents:
  1. What Will the Cybersecurity Act of 2009 Do to Your Job and Business?
  2. Key Points in the Cybersecurity Act

Further analysis of the proposed Cybersecurity Act of 2009 raises more questions than it answers. Many parts of the cyber-security bill represent good ideas, some set up security patronage work and some create vast new systems of rules for how security professionals can do their jobs.

What Will the Cybersecurity Act of 2009 Do to Your Job and Business?
( Page 1 of 2 )

Not long after I wrote my column on the proposed cyber-security bills in the Senate,  the actual text of the legislation became available. As I wrote at the time, my analysis was based on various other materials about the bill made public by the Commerce Committee and sponsoring senators.

Now the text is available in many places, including OpenCongress:

S.778 is short and to the point: the national cybersecurity advisor is an assistant to the president, subject to confirmation by the Senate, has specific duties with respect to advising the president and approval of cyber-security budget items, and has security clearance in relevant matters.

S.773 is where the meat is. It starts out with a collection of provocative quotes from reports and consultants on how vulnerable we are, which is undoubtedly true, although there is the usual hysteria in there with references to 9/11 and a "cyber-Katrina," whatever that is.

The main thing I looked for at first was some guidance about what networks and systems would be subject to oversight by this act. The press materials only referred to government networks and "critical infrastructure" with some examples, but no real definition. No doubt by sheer coincidence, a story in the Wall Street Journal last week asserted (with anonymous quotes but no actual facts) that the U.S. power grid had been hacked by "foreign spies."

The security of such systems, and generally of "SCADA" systems, even if they are privately held, is certainly a national security matter. Concern over this problem is hardly new, nor are vague, unsubstantiated and impossible-to-investigate rumors about it.

What else might qualify for control by the federal government under this bill? Here is the language:

State, local, and nongovernmental information systems and networks in the United States designated by the President as critical infrastructure information systems and networks.

So we won't know what it is until the president says. He can designate bank networks, perhaps critical common carriers, or whatever else he thinks is critical. Then, in the event of "cyber-attack," he can order those shut off or disconnected. I think Congress owes it to us to put a more solid definition in the bill so that it can be discussed in hearings, on the record, rather than letting the president decide unilaterally.








 
 
>>> More IT Security & Network Security News & Reviews Articles          >>> More By Larry Seltzer
 


FEATURED SPONSOR VIDEOS

Benefits of Workload Optimization

What Smart Companies MUST Learn from Gaming

Advances in Authentication

Vertical Markets Benefit from Workload Optimization

View More Videos

Brought to you by
Advertisement

FEATURED SPONSOR MESSAGE

Microsoft Sponsored Resource Center

Increase Your Microsoft Office 365 Knowledge! Dig inside this suite of cloud-based collaboration tools.

Watch the video >>

Brought to you by

Suggested Related Content:

Articles Labs/How-To Multimedia


Advertisement
Contact Us | About | Advertise | Site Map
eWEEK Quick LInks

Security:
Enterprise Networking
Network Security
Infrastructure Security
How To: Data
Security Watch Blog
Storage:
Data Storage
Cloud Storage
Storage Virtualization
Network Access Storage
How To: Storage
Storage Station Blog
Computing:
Apple OSX
Linux Systems
Windows 7
Managed Print Services
Computer Reviews
Microsoft Watch Blog
Google Watch Blog
Communications:
VoIP Solutions
Wireless Technology
Messaging Software
Web Services
Apps & Development:
Application Development
Enterprise Apps
Search Engines
Database Software
Web 2.0
CIOs

Vertical Markets:
Federal Government IT
Health Care IT
Finance IT
Mid-Market
Channel and VARs
Careers Blog
More eWeek Links:
Green Computing Center
Tech Knowledge Center
Tech Newsletters
Tech RSS Feeds
White Papers
Tech Videos
Magazine Subscriptions
Enterprise Websites:
ZDE Home
eWeek
Baseline Magazine
Channel Insider
CIO Insight
eSeminars and Events
Web Buyers Guide
Developer Websites:
DevSource C# and .Net
Dev Shed
DeveloperShed
ASP Free
SEO Chat
Codewalkers
Tutorialized
Scripts.com
Dev Mechanic
Dev Articles
Web Hosters
Dev Hardware
Technology Websites:
Device Forge
Desktop Linux
Linux Devices
Windows for Devices
PDF Zone
Linux Watch
TechDirect
Windows Migration
Smarter Technology

Use of this site is governed by our Terms of Use and Privacy Policy
Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
ZDE Cluster 10
 
Close this advertisement