Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!

Guest Blog -- Information Technology Industry Council

The Senate and Cybersecurity: Finding a Path Forward

By Nilmini Rubin
Blog Logo
July 17, 2012

Will the Senate pass a cybersecurity bill?  That’s the major question looming this week as the time for congressional action in 2012 shrinks.  While the House of Representatives passed a package of cybersecurity bills with bipartisan support, Senators seem to be struggling to find their own bipartisan agreement that can win the support of at least 60 members – the key threshold to pass just about any important Senate bill these days. 

 A number of Senate options are being hammered out, from the initial Lieberman-Collins bill, to the revamped SECURE IT Act offered by Senators Hutchison and McCain, to the latest entry – the Whitehouse-Kyl proposal.  Senator Lieberman reportedly is considering wrapping pieces of Whitehouse-Kyl into his bill before it gets to the floor.  Each proposal has good elements, but none, to date, has garnered the support necessary to win Senate approval. 

 ITI and our member companies have met repeatedly during the past few months with Senators and their staffs, working to shape an enhanced cybersecurity structure for the United States that will best protect individuals and the country alike.  We believe the heart of any updated approach should be a smart, strong information sharing system that is adaptable to meet constantly changing dangers.  We’ve been pleased with the response from Senators to our ideas, and look forward to continuing discussions as the proposals move to the full Senate for debate and votes.

Given the effort to reach agreement, we thought it a good time to step back and reinforce the core principles that the tech sector believes should be included in any cyber proposal.  The tech sector outlined these guideposts last year, and just recently, ITI, DIGITALEUROPE, and the Japan Electronics and Information Technology Industries Association (JEITA) joined together on a similar set of international cyber principles.  Both of these documents focus on core issues of collaboration, interoperability, and proactive protections that focus on building awareness and sharing information.

We believe that efforts to improve U.S. cybersecurity must:

  • Leverage public-private partnerships and build upon existing initiatives and resource commitments;
  • Be able to adapt rapidly to emerging threats, technologies, and business;
  • Properly reflect the borderless, interconnected, and global nature of today’s cyber environment;
  • Be based on risk management;
  • Focus on awareness; and
  • More directly focus on bad actors and their threats.

 These priorities get to the heart of what cybersecurity really is, namely, personal security.   Personal information – names, addresses, Social Security numbers, credit card info, and so on – represent 95 percent of all the data compromised by cyber intrusion.  Criminals then use the data for identity theft, phishing campaigns, and other fraud.  New breeds of cybercriminals, hacktivists, and rogue nations have become adept at exploiting the vulnerabilities of our digital world, placing consumer information as well as private and government data and proprietary systems at risk.  This includes critical infrastructure

In the United States, 85 percent of critical infrastructure is owned and operated by private industry.  A significant portion of that infrastructure traditionally had never been connected to the Internet.  Rather, it existed in a closed “air gap” structure -- a protected world in which only a handful of people had access and that usually required getting through physical security parameters.  Removed from the Internet, these stand-alone systems very easily stymied would-be cyber intruders because there was no way to reach these systems remotely.  But today, many operators have connected critical infrastructure systems to the Internet to gain some key benefits, such as remote management or increased functionality. 

A good example is the Smart Grid, which allows electricity companies and their consumers to better understand and manage electricity consumption online.  But these benefits also have brought trade-offs.  Now, instead of a handful of people with access to these systems, in theory the billions of computer users online could access them with the right know-how.  That puts a new priority on the cyber protections that we collectively dedicate to these potential targets. 

In this world, with so much critical infrastructure connected to – and even dependent upon – the Internet, we need to make sure that critical infrastructure operators understand the threats they face, the responsibilities they carry, and the opportunities that they have to work in collaboration with other sectors and the government to improve the cybersecurity and resiliency of these critical infrastructures.  

Congress can pass legislation to help operators better understand and address these threats without relying on a heavy-handed, regulatory approach.  Such regulation could create siloed, bureaucratic structures, putting cyber defenses at a disadvantage because the various groups responsible for security would have limited coordination and be too slow.  One group may be watching for events, but not have complete information on digital assets being targeted.  Moreover, cyber intrusions and other incidents in today’s environment often come from multiple points and, while they are IT-based, they can combine technical tactics with social engineering or even physical access to a facility.  Security teams cannot rely on regulators to accurately interpret and respond to multi-modal intrusions.  They need to be able to identify a threat and counter it quickly – not after government forms are filled out and approved in triplicate.

 

This was originally posted on July 17, 2012, to the Information Technology Industry Council website here. It has been reposted with permission.

KEYWORDS: cyber defense cyber security legislation

Share This Story

Rubin

Nilmini Rubin is the director of government relations for the Information Technology Industry Council. 

Blog Topics

Security Blog

On the Track of OSAC

Blog Roll

Security Industry Association

Security Magazine's Daily News

SIA FREE Email News

SDM Blog

Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Fountain pen

Trump Administration Executive Order Changes Cybersecurity Policy

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing