With the threat of attacks against the nation’s military and civilian cyber-infrastructure looming and increasing daily, lawmakers and officials alike are aware of the need for tough and robust legislation to shore up America’s cybersecurity posture.
“When it comes to cybersecurity,” Rockefeller told the BSA luncheon, “the familiar ‘regulation versus leave it to the marketplace’ debates all hearings, right? It’s always one or the other, and it’s a very dangerous and false choice. The government cannot do this on its own, and neither can the private sector. We will only succeed if we work together, and continue to.”
Chairman Rockefeller says the overarching theme of S 773 is one of “shared responsibility”, reflected, he says, in the fact that both the public and private sectors need to contribute to the successful outcome of this bill.
Rockefeller told the BSA luncheon that because a federal cybersecurity bureaucracy will never be able to keep up with advances in technology, and because leaving things to the private sector alone will never work, he and his ranking member, Senator Olympia Snowe (R.-Maine), are trying to write a new model of what cybersecurity means.
The bill calls for developing a cybersecurity strategy and identifying the key roles and responsibilities of all the players, private and public, who will respond in a time of crisis. That starts with a Senate-confirmed National Cybersecurity Advisor who will answer directly to the President, coordinate the government’s cybersecurity efforts, and collaborate with the private sector. In particular, our bill provides for unprecedented information-sharing between the private sector and the government regarding threats and vulnerabilities, including access to classified threat information for cleared private sector executives. We also require detailed emergency response planning and rehearsals to clarify the roles, responsibilities and authorities in an emergency.
Rockefeller also addressed concerns by a number of privacy and “good government” groups that his cybersecurity bill constituted a wholesale “taking of the Internet” by the White House and the Executive Branch.
“Nothing could be further from the truth. We have worked closely with you and other stakeholders to refine the language. In case there is any remaining confusion, let me be clear: this bill does not create any new emergency powers for the President or anyone else in government. It simply requires all key players to get together ahead of a crisis and prepare. If we have a cyber-Katrina or a cyber-9/11, we want quick effective action – not bureaucratic confusion.”
The West Virginia Democrat says much of the success of his cybersecurity bill will depend on what industry brings to the table.
“I think we can all agree that effective cybersecurity simply is not possible without a reliable mechanism to evaluate performance. We have yet to be presented with a viable alternative. So, we have built on the audit-based framework already used by many in the private sector. We expect that if the private sector takes the lead as laid out in our bill, the standards and certification will be flexible and dynamic, not bureaucratic and burdensome. For those who are still unhappy with our proposal, I welcome your ideas and alternatives. You must know genuine accountability is non-negotiable. It has to be, if this is going to work. It has to be.”
Late yesterday afternoon, Commerce Secretary Gary Locke also addressed the BSA Forum. In his prepared remarks, Locke announced that the Commerce Department’s National Institute for Standards and Technology (NIST) has been asked to spearhead an interagency National Initiative for Cyber Education.
The initiative will include:
a public education campaign for cybersecurity awareness led by the Department of Homeland Security;
expansion of programs in cybersecurity technology, to be led by the Department of Education and the Office of Science and Technology Policy in the White House;
new hiring strategies to ensure agencies can hire the cybersecurity help they need, led by the Office of Personnel Management;
and a government-wide push to improve ongoing training of the existing federal cybersecurity workforce.
(Copyright 2010 by FederalNewsRadio.com. All Rights Reserved.)