The latest proposed Cyber Security Act has just been introduced. The original called for mandatory compliance. However, this latest bill merely calls for voluntary participation. Organizations now get incentives if they participate in the program. Compliance and participation are not required. Participants are eligible for these incentives if they can prove they have successfully met various standards reflecting “best practices.” (See Note 1).
The Cyber Security Act is designed to improve cyber security within the United States. The Act would allow for a united security infrastructure to ensure a safe and secure country in regards to cyber threats. The Cyber Security Act aims to “establish a multi-agency council … to lead cyber security efforts, including assessing the risks and vulnerabilities of critical infrastructure systems.” (See Note 1).
The overall goal is better organization and more open information sharing. Threat assessment and detection include everything from utilities and power grids to communication systems and disaster response. The goal is to have a linked and educated program with open dialogue between organizations.
The overreaching intentions and goals of the new bill are praiseworthy. They look good on paper and make for great rhetoric. Unfortunately, this revamped bill is a hollow shell of anything of real substance. It is being touted as a watered down “compromise bill,” and truthfully that is just what it is. It is politicians talking the talk but leaving no real impact.
An incentive based program to gain participation in something as serious as national cyber security is outrageous. Having anything less than mandatory compliance, in an area as serious as that of national cyber security, makes no sense. Without full compliance and participation there can be no fully competent and organized national infrastructure. Broken down lines of communication and unorganized efforts of tracking and identifying threats seems counterintuitive. Why would anything less than mandatory participation be included?
National security is paramount to a secure country and cyber security should receive no less of a focus than any other area with potential threats of infiltration and exploitation. In this day and age of highly advanced technology there needs to be an organized effort to protect the country. Full compliance and mandatory participation need to be included. Incentives are not enough.
For additional information please email Ian Friedman at ifriedman@faflegal.com or visit www.faflegal.com.
1. Dan Kaplan, Senate Intros Revised Security Bill to Appease Privacy Woes, SCMAGAZINE.COM (2012), http://www.scmagazine.com/senate-intros-revised-security-bill-to-appease….