Cyber Security Compliance Unit to Be Set Up to Establish Standards to Face Security Risks

A new Cyber Security bill was introduced in IT security legislation. A new division for cyber security compliance will be created within the Department of Homeland Security (DHS) under the Homeland Security Cyber and Physical Infrastructure Protection Act of 2010. It will manage the set up of performance-based standards to tackle particular security risks faced by the nation’s critical infrastructure information networks and IT systems of civilian federal government agencies.

 

DHS will need to develop security plans according to the set standards in collaboration with critical infrastructure operators (mostly privately owned). This move necessitates threat intelligence information sharing by the DHS with these operators.

 

"From a security and good-government standpoint, the way to deliver better cyber security is to leverage, modify, and enhance existing structures and efforts, rather than make wholesale bureaucratic changes," House Homeland Security Committee Chairman Bennie Thompson, D-Miss., said in a statement. "This bill will make our Nation more secure and better positions DHS - the 'focal point for the security of cyberspace' - to fulfill its critical homeland security mission."

 

In March 2010, the Cybersecurity Act (S.773) was proposed for legislation. This is a revision to a version introduced the previous year. This seeks to encourage close cooperation between private sector companies and the government to improve cyber security pertaining to the critical infrastructure of the country.

 

Several provisions in the bill are designed to foster cyber security workforce growth through training and certification, encourage and fund research and development of new security technologies, and promote cyber security issues public awareness.

The revised bill recommends the President’s cooperation with critical infrastructure industries to formulate an appropriate response in a cyber crisis as opposed to the controversial, earlier version of the bill, which would have given the president near complete authority to disconnect private and government networks from the Internet in the event of a cyber emergency.

 

Section 706 of the Communications Act of 1934 provides nearly unchecked authority to the President to “cause the closing of any facility or station for wire communication” and “authorize the use of control of any such facility or station” by the Federal government. Exercise of the authority requires no advance notification to Congress and can be authorized if the President proclaims that “a state or threat of war” exists. The authority can be exercised for up to six months after the “state or threat of war” has expired."