Senate Debates DHS' Role in Cybersecurity Regulation

March 22, 2012

Two competing bills are sharply dividing lawmakers in Washington D.C. as they attempt to define how the Department of Homeland Security should regulate cybersecurity in privately owned critical systems, according to an article in the Federal Times.

Legislation from Sen. Joe Lieberman, I-Conn., argues that many privately owned critical systems, such as those that run utilities or chemical plants, are not secure and require federal regulation, the article says. Sectors such as banking, finance and nuclear power already are required by law to meet specific cybersecurity standards, but the water industry and some subsectors of the energy industry (oil and natural gas) are not subject to federal rules. Their efforts to address cyber vulnerabilities are voluntary.

The bill would authorize DHS to create and regular security standards for certain privately owned systems that, if attacked, would likely cause death, severe economic damage or harm to national security, the article says. Companies that can prove they are secure, however, would be exempt.

"We think we are talking about a very small number of companies — probably in the low thousands — that would be [regulated]," said a senior cybersecurity DHS official in the article. "It is not by any manner all the companies."

The bill would also require the DHS and Defense secretaries and national intelligence director to designate federal and nonfederal entities as "cybersecurity exchanges" to encourage the sharing of classified and unclassified cyber threat data, building on existing cybersecurity arrangements between DHS, industry and other federal agencies, the official said.

On the other side of the debate is a bill set forth by Sen. John McCain, R-Ariz., and seven Republican co-sponsors on March 1. This bill promotes voluntary information sharing of cyber threats between government and industry agencies through existing partnerships, refusing new regulatory authority to the DHS, the article says.

"A super-regulator like DHS would impact free-market forces," said McCain at a hearing.

Central concerns from the article against Lieberman's bill include:

DHS might overstep boundaries as a regulator
Regulations might not change fast enough to keep up with new and evolving cyber threats
Regulations might hinder adoption of innovative technology

According to the article, the Lieberman bill would not require companies to submit cybersecurity plans to DHS and there would be no on-site inspections, except for certain cases, the DHS official said. Security requirements for covered critical infrastructure would focus on whether said networks are secure and not how companies choose to meet security standards. The bill also requires companies to self-certify their cybersecurity annually or have a third party assess it, Federal Times reports.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

Join our subject matter experts as they explore how the right systems can help identify, analyze and report potential incidents and help building owners sustain compliance and create safer spaces.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Senate Debates DHS' Role in Cybersecurity Regulation

Related Articles

Related Products

Report Abusive Comment