Compromise Bill in Senate Would Address Cyber Threats, Privacy

July 20, 2012

Compromise legislation introduced in the U.S. Senate on Thursday would bolster cyber threat assessment and permit the government to share information with American business under certain conditions, a step aimed at better protecting them from cyber attacks, according to an article from Reuters.

The bill, which is supported by President Barack Obama, is a bipartisan effort to unify approaches and address privacy concerns about information-sharing between the government and business interests linked to infrastructure networks, Reuters reports.

While he did note that no one has managed to damage or disrupt infrastructure networks so far, President Obama stated in an opinion piece published Friday in the Wall Street Journal that: “Foreign governments, criminal syndicates and lone individuals are probing our financial, energy and public safety systems every day. … It would be the height of irresponsibility to leave a digital backdoor wide open to our cyber adversaries.”

Sen. Susan Collins, R-Maine, the top Republican on the Senate Homeland Security Committee and a co-sponsor of the bill, said experts have "repeatedly warned" the computer networks that run the electric grid, water systems, financial networks and transportation systems are vulnerable to cyber attack, according to the Reuters article.

A Homeland Security Department report earlier in July said it received 198 reports of suspected cyber incidents, or security threats, in 2011 – more than four times the 2010 level.

The report cited cases in which firms were infected with malicious software designed for espionage and fraud, Reuters reports. More than 40 percent of the incidents were from the water sector.

Moreover, President Obama said a water plant in Texas last year disconnected its controls from the Internet when a hacker posted pictures of the facility's internal controls. More recently, President Obama said, hackers penetrated networks of companies operating natural gas pipelines.

Congress has been debating the legislation, facing criticism from privacy advocates, who have called past measures overly intrusive. The Senate plan seeks to address that concern by creating a public-private partnership to set cyber security standards for critical infrastructure and offer some immunity from liability to those who meet them, the Reuters article says.

It would permit information-sharing between the private sector and the federal government on threats, incidents and solutions, while intending to preserve civil liberties and the privacy of users. Industry groups would be permitted to develop and voluntarily recommend approaches to mitigate risks to a multi-agency Cybersecurity Council, the article says.

Current regulators would continue to oversee their industry sectors.

In this webinar, we review the rise of cloud access control and access control as a service, its advantages and disadvantages, and how to select the optimal cloud access control solution for your company.

Security leaders need to accept and act on this reality and take measured and thoughtful steps to mitigate the risk and train staff about the growing likelihood of such violent incidents in their facilities and workplaces.