Senate Debates DHS' Role in Cybersecurity Regulation

March 22, 2012

Two competing bills are sharply dividing lawmakers in Washington D.C. as they attempt to define how the Department of Homeland Security should regulate cybersecurity in privately owned critical systems, according to an article in the Federal Times.

Legislation from Sen. Joe Lieberman, I-Conn., argues that many privately owned critical systems, such as those that run utilities or chemical plants, are not secure and require federal regulation, the article says. Sectors such as banking, finance and nuclear power already are required by law to meet specific cybersecurity standards, but the water industry and some subsectors of the energy industry (oil and natural gas) are not subject to federal rules. Their efforts to address cyber vulnerabilities are voluntary.

The bill would authorize DHS to create and regular security standards for certain privately owned systems that, if attacked, would likely cause death, severe economic damage or harm to national security, the article says. Companies that can prove they are secure, however, would be exempt.

"We think we are talking about a very small number of companies — probably in the low thousands — that would be [regulated]," said a senior cybersecurity DHS official in the article. "It is not by any manner all the companies."

The bill would also require the DHS and Defense secretaries and national intelligence director to designate federal and nonfederal entities as "cybersecurity exchanges" to encourage the sharing of classified and unclassified cyber threat data, building on existing cybersecurity arrangements between DHS, industry and other federal agencies, the official said.

On the other side of the debate is a bill set forth by Sen. John McCain, R-Ariz., and seven Republican co-sponsors on March 1. This bill promotes voluntary information sharing of cyber threats between government and industry agencies through existing partnerships, refusing new regulatory authority to the DHS, the article says.

"A super-regulator like DHS would impact free-market forces," said McCain at a hearing.

Central concerns from the article against Lieberman's bill include:

DHS might overstep boundaries as a regulator
Regulations might not change fast enough to keep up with new and evolving cyber threats
Regulations might hinder adoption of innovative technology

According to the article, the Lieberman bill would not require companies to submit cybersecurity plans to DHS and there would be no on-site inspections, except for certain cases, the DHS official said. Security requirements for covered critical infrastructure would focus on whether said networks are secure and not how companies choose to meet security standards. The bill also requires companies to self-certify their cybersecurity annually or have a third party assess it, Federal Times reports.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 December

This month, Security magazine brings you the 2020 Guarding Report - a look at the ebbs and flows security officers and guarding companies have weathered in 2020, including protests, riots, the election, a pandemic and much more. Industry experts discuss access management and security challenges during COVID-19, GSOC complacency, the cybersecurity gap, end-of-year security career reflections and more!

View More Create Account

Senate Debates DHS' Role in Cybersecurity Regulation

Related Articles

Related Products

Report Abusive Comment