Cybersecurity News

There are “five critical flaws” in the Lieberman-Collins-Carper cybersecurity legislation. That’s according to Jeffrey Carr, who, in an article in Forbes today, said the bill, which passed in the Senate Homeland Security and Governmental Affairs Committee last week, should have us “very concerned.”

According to Carr, a cyber intelligence consultant for the US government, the bill: puts the power grid in the private sectors’ hands, leaving it vulnerable to an attack;  provides the President with cyber authority after an attack occurs, in lieu of being proactive;  provides specific power to the US-CERT, which was recently criticized for its lack of
manpower and authority;  enables energy companies to report, on their own time, if/when they have been attacked, further delaying government response and repair;  and fails to examine all potential sources, internally and internationally, capable of attacking the US.

The solution?  Another cybersecurity bill…

Though it may not be the right answer, Republican Senators Kit Bond and Orrin Hatch have introduced new legislation, the National Cyber Infrastructure Protection Act of 2010.

Laid out in a press release from Sen. Bond’s office, the bill focuses on three key items:  “First, Congress must set lanes in the road to protect our nation’s cyber security, but leave flexibility for the private sector and Government to adapt to changing threats.  Next, there must be one person who has real authority to coordinate our cyber security efforts across the federal government… Third, the Bond-Hatch bill creates a voluntary, public-private partnership, the Cyber Defense Alliance, to facilitate the flow of information about cyber threats and the latest technologies between the private sector and government.”

According to an article in The Hill, Sen. Bond believes, contrary to the views of Sens. Lieberman, Collins and Carper, that the DHS should not be in charge of the nation’s cybersecurity.  Rather, a “single, presidentially appointed, Senate-confirmed cybersecurity coordinator” in the Department of Defense is the senator’s suggestion.

Acknowledging the ever-increasing number of cyber bills in the House and Senate, Bond advised, “We need a single point of contact controlling cybersecurity and a forum for the private sector to share information, threat warnings and best practices.”

A full-text version of the Bond-Hatch bill can be found here (PDF).