March 26, 2015 By Rick M Robinson

In his State of the Union address in late January, US President Barack Obama proposed a package of legislation designed to strengthen cybersecurity measures and enforcement against cybercriminals. In particular, the proposed cybersecurity legislation calls on firms to provide information on security breaches to the Department of Homeland Security and allows prosecution for the sale of botnets used in cybercrime as well as court action against denial-of-service (DoS) attacks.

With both houses of Congress in the hands of the Republicans, legislative proposals can expect close scrutiny. Some aspects of information policy, from government cyber surveillance to net neutrality, are controversial subjects on Capitol Hill. However, amid a rising tide of cybercrime, including high-profile attacks on businesses, the prospects of bipartisan support for cybersecurity legislation are substantial.

Prominent Attacks Help Set the Stage

According to The New York Times, Obama’s cybersecurity proposals were sparked by recent cyberattacks that have rocked both the business and government sectors. These attacks have also demonstrated that the lines between cybercrime and cyberwar are increasingly blurring.

As Obama told congressional leaders at a White House meeting, the attacks indicate “how much more work we need to do, both public and private sector, to strengthen our cybersecurity to make sure that families’ bank accounts are safe, to make sure that our public infrastructure is safe.”

Protection for Firms, Prosecution for Cybercriminals

The proposed legislative package includes measures calling on victimized firms to be more forthcoming about security breaches. For providing the Department of Homeland Security with such information as Internet addresses and routing protocols, firms would be given targeted liability protection as long as they took measures to protect the personal information of consumers.

Additionally, the White House proposal would criminalize the sale of botnets — networks of computers controlled by furtively installed malware — used to perpetrate hacks. The courts would also receive authority to shut down sites responsible for DoS attacks and other types of fraudulent cyberactivity.

Threats Could Generate Bipartisan Support for Cybersecurity Legislation

With a Democratic president and Republicans controlling both houses of Congress, proposals from the White House can expect tough scrutiny on Capitol Hill, where Republicans are often skeptical of measures that might affect businesses. Political furnaces are further stoked by the 2016 presidential election, for which both parties are already gearing up. However, as noted by Britain’s BBC News, the prospects for bipartisan action on cybersecurity legislation may be increasingly favorable.

The risks to firms from advanced threats and other forms of cyberattacks have generated a growing consensus within the business community that broader action is needed on the cybersecurity front. Enterprises can no longer effectively protect themselves in isolation — security partnerships, including public-private alliances, have become a necessity.
