Cybersecurity News

As Labor Day looms and the congressional summer recess nears its end, Sen. Tom Carper (D-DE) announced that the Senate may consider attaching cybersecurity legislation to a defense bill in order to assure its passage before the November midterm elections, an article by GovInfoSecurity reported.

According to Sen. Carper, enacting a cybersecurity provision with a defense bill, such as the National Defense Authorization Act, could be made easier, as both “the chairman and ranking minority member of the Armed Services Committee – Sens. Carl Levin, (D-MI) and John McCain (R-AZ) – also serve on the Homeland Security and Governmental Affairs Committee.”

“It’s hard to get a measure like cybersecurity legislation passed on its own,” Carper advised.  “It’s more of a national security issue that we ought to do sooner rather than later… and I hope we will.”

But another national security issue could potentially spur a Senate debate and place a hold on Carper’s hopes for a cybersecurity provision passage.

That is, Deputy Defense Secretary William Lynn’s disclosure last week of the Pentagon’s 2008 cyber breach caused by an infected flash drive, which sent malicious code flying through the US Central Command’s computer network.

As news of the breach continues to draw attention from media, intelligence and tech types alike, the issue is sure to arise when Sen. Carper and the gang introduce their cybersecurity measure alongside any bill regarding national defense.

Meanwhile, it’s the Huffington Post that raises all the right questions, as the idea of public and private sector separation also comes to mind when considering the great divide of the information security debate:

The US Department of Defense employs half a million people, and it hasn’t been able to secure its systems. It may be appropriate for defense contractors to adopt some of the same cyberdefenses as the US military, but extending government military defenses to other companies beyond the .gov realm is not (nor is that solution suggested by Lynn). So how will a Cisco, Apple, or Genentech — to pick three powerhouses of US industry — with sixty-four thousand, sixteen thousand, and eleven thousand employees respectively — do it?

Solving this cybersecurity question is the 64 billion dollar question. How much of the intrusion detection and intrusion prevention systems designed by the US government is appropriate for use by US industry? Who should be controlling the systems? Should the technology be shared with multinational corporations? Openness is an issue. ”

Regardless, it seems time is running short, as Sen. Carper predicted that if a cybersecurity bill is not passed before the Nov. 2 vote, “prospects of passage during a lame-duck session of Congress would significantly dim [if] the Republicans pick up a significant number of seats.”

But despite the idea that an increase in GOP members could delay the action until January, Carper quickly added that he “didn’t think the GOP would make significant gains in the Senate come November.”

Additional cybersecurity news follows:

IMB X-Force: Cyber attack trends are worrisome (Federal News Radio)

Defense mergers on rise w/special focus on tech and cybersecurity (Washington Post)

Cybersecurity researcher finds scanning flaw in HP printers (USA Today)

Darpa’s star hacker looks to WikiLeak-proof Pentagon (Wired)

Tabloid hack attack on royals, and beyond (New York Times)

Sen. Carper addresses reasoning behind enhancing DHS infosec prowess (GovInfo Security)

Military must watch social media use for fear of phishing (Federal News Radio)

Turkey, Russia top list of riskiest Web surfing zones (ITWeb)

FCC must make ISPs crack down on spammers and malware (ComputerWorld)

Revealed: The Internet’s biggest security hole (Wired)

Malware’s role in fatal 2008 air crash (Government Computer News)

Indian government warns of attack by Pakistani hackers (The Times of India)