Advancing Cybersecurity in the U.S. Senate

Maryam Cope photo

In the past year, U.S. cybersecurity policy has taken significant steps forward, moving away from proposed regulation-heavy regimes to a framework that embraces innovation as central to effective cyber protections.  Most recently, President Obama’s cyber executive order (EO) and the House-passed Cyber Intelligence Sharing and Protection Act each focus on voluntary, collaboratively developed standards and best practices to reduce cyber risks to critical infrastructure.  And now, the Senate has taken this approach a step further.

The tech sector has advocated consistently that efforts to improve cybersecurity must:

  • Leverage public-private partnerships and build upon existing initiatives and resource commitments;
  • Be able to adapt rapidly to emerging threats, technologies, and business;
  • Properly reflect the borderless, interconnected, and global nature of today’s cyber environment (including global standards development);
  • Be based on risk management;
  • Focus on awareness; and,
  • More directly focus on bad actors and their threats.

Importantly, Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va., and Ranking Member John Thune, R-S.D., have introduced the Cybersecurity Act of 2013, another important step that would advance cybersecurity policies that reflect positively on each of these core areas.  Their new cybersecurity legislation would take strong steps to protect U.S. citizens and critical infrastructure from cyber threats.  While their proposal still must undergo review first by the Senate, it’s a smart, effective approach that is founded on innovation-first principles -- key to any effective cyber shield.

In several areas, the Rockefeller-Thune proposal builds on the efforts initiated with the president’s EO and supported by the tech sector.  For instance, the bipartisan legislation would direct the National Institute of Standards and Technology (NIST) to facilitate and coordinate the development of a “voluntary, industry-led set of standards” through cooperative efforts with the private sector.  The NIST process is central to the Administration’s cybersecurity initiative.  Earlier this month, NIST wrapped up its third workshop on the voluntary cybersecurity framework, a draft of which should be released this fall.

The legislation also would work to strike a balance between personal privacy and cybersecurity protections.  As we’ve said before, this balance is key to establishing effective security policy.  The Rockefeller-Thune proposal places a high priority on personal privacy and civil liberties protections by placing use restrictions on any cyber threat information that the private sector shares with the federal government, and by having the White House Office of Science and Technology Policy focus federal resources on “methodologies to protect individual privacy and civil liberties.”

Last, but certainly not least, is the bill’s focus on public awareness of cybersecurity and cyber safety, including consumer education and digital literacy.  A rising tide lifts all boats, and given our increasingly networked world, consumers and businesses benefit greatly from greater knowledge and application of good cyber hygiene that minimizes risks and vulnerabilities and helps to raise the overall bar for cybersecurity.

Last year, the Senate struggled to achieve strong bipartisan support for major cybersecurity legislation.  With the Cybersecurity Act, Senators Rockefeller and Thune have come together as co-authors, putting the legislation at a good starting point to garner greater support from both sides of the aisle.  That’s essential if the Senate is to avoid the obstacles that cut short Senate cybersecurity efforts last summer. 

This bill has the right formula for success.  It’s built on voluntary, collaboratively developed global standards.  It embraces innovation-first security approaches.  It can be a model for other nations to follow.  It balances the need for privacy protections with the urgency of broader cyber protections.  It looks at next-generation products and services with robust support for R&D and workforce training.  And finally, with Senators Rockefeller and Thune joining in this bipartisan plan, the Senate is poised to thoroughly vet cyber legislation through the normal legislative process. 

A hearing today will take a look at ways to improve the legislation, but we think that Senator Rockefeller and Senator Thune have gotten off to a strong start.
