Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Call for tighter cyber security regulations

Cyber Secure Institute : 16 March, 2009  (Technical Article)
Cyber Secure Institute lobbies Chairman of cyber security subcommittee for homeland security on regulations for Government and critical infrastructure
The Cyber Secure Institute has released a letter to Congresswoman Yvette Clarke, Chairman of the House Subcommittee on Emerging Threats, Cybersecurity, Science and Technology, Committee on Homeland Security calling for new rules and incentives on government and the private sector to advance cybersecurity.

Rob Housman, the Executive Director of the Institute said, "We fully agree with Chairman Clarke's view that new rules and incentives are required to drive cyber security." The letter outlines what the Institute thinks such new rules need to look like:

'. . . [T]o be effective such legislation needs to be based upon objective, performance- and evidence-based standards . . . .

Such legislation could and should be:

* Based on the NIAP-NSA certification program, which offers an objective technology and performance-based evaluation process.
* Mandatory for both government and private sector critical infrastructure IT systems.
* Phased-in but within an expedited timeframe that recognizes the serious present-day threats to our nation.
* Action forcing, driving the adoption of next generation technologies.
* Comprehensive and strong, including, for example, oversight provisions to ensure such standards, once promulgated, are actually implemented.
* Accompanied by both transition and technical assistance."

The Institute also backs the Chairman's call for new incentives and offers recommendations on how they should be applied, stating:

"We would stress that any such incentives must be tailored to meet the goal of driving technological change and a new cyber secure end state. They should not be available to offset just any new IT security spending—helping companies deploy more patches will not change our nation's level of security. Rather, such incentives should be available solely for the deployment of high-level certified, inherently secure technologies."

The letter also emphasizes that absent such new requirements little will change and the nation will remain unacceptably at risk:

" . . . [G]ains in cybersecurity to date have been marginal at best. At a time when we require bold action, we instead find ourselves caught up in a Sisyphean struggle - the endless cycle of hack and patch trying to fix legacy systems that are, at best, inherently insecure. . . . [C]hange will not come on its own, unprompted. To be blunt, we have tried the laissez-faire approach to cyber security and it has gotten us only so far; it is now time to drive technological progress."
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo