Search This Blog

Friday, June 18, 2010

'The Protecting Cyberspace As A National Asset Act of 2010'

Lieberman is at it again.

Senate Committee On Homeland Security.gov: LIEBERMAN, COLLINS, CARPER UNVEIL MAJOR CYBERSECURITY BILL TO MODERNIZE, STRENGTHEN, AND COORDINATE CYBER DEFENSES
Key elements of the legislation include:
1. Creation of an Office of Cyberspace Policy in the Executive Office of the President run by a Senate-confirmed Director, who will advise the President on all cybersecurity matters. The Director will lead and harmonize federal efforts to secure cyberspace and will develop a national strategy that incorporates all elements of cyberspace policy, including military, law enforcement, intelligence, and diplomatic. The Director will oversee all related federal cyberspace activities to ensure efficiency and coordination.
2. Creation of a National Center for Cybersecurity and Communications (NCCC) at the Department of Homeland Security (DHS) to elevate and strengthen the Department’s cyber security capabilities and authorities. The Director will regularly advise the President on efforts to secure federal networks. The NCCC will be led by a Senate-confirmed Director, who will report to the Secretary. The NCCC will include the United States Computer Emergency Response Team (US-CERT), and will lead federal efforts to protect public and private sector cyber and communications networks.
3. Updates the Federal Information Security Management Act (FISMA) to modernize federal agencies practices of protecting their internal networks and systems. With strong leadership from DHS, these reforms will allow agencies to move away from the system of after-the-fact paperwork compliance to real-time monitoring to secure critical systems.
4. Requiring the NCCC to work with the private sector to establish risk-based security requirements that strengthen cyber security for the nation’s most critical infrastructure that, if disrupted, would result in a national or regional catastrophe.
5. Requiring covered critical infrastructure to report significant breaches to the NCCC to ensure the federal government has a complete picture of the security of these sensitive networks. The NCCC must share information, including threat analysis, with owners and operators regarding risks to their networks. The Act will provide specified liability protections to owners/operators that comply with the new risk-based security requirements.Creation of a responsible framework, developed in coordination with the private sector, for the President to authorize emergency measures to protect the nation’s most critical infrastructure if a cyber vulnerability is being exploited or is about to be exploited. The President must notify Congress in advance before exercising these emergency powers. Any emergency measures imposed must be the least disruptive necessary to respond to the threat and will expire after 30 days unless the President extends them. The bill authorizes no new surveillance authorities and does not authorize the government to “take over” private networks.
6. Development of a comprehensive supply chain risk management strategy to address risks and threats to the information technology products and services the federal government relies upon. This strategy will allow agencies to make informed decisions when purchasing IT products and services.
7. Requiring the Office of Personnel Management to reform the way cyber security personnel are recruited, hired, and trained to ensure that the federal government has the talent necessary to lead the national cyber security effort and protect its own networks.

1 comment:

Jim Sande said...

He's the poster child for a one term limit.