Debate: Comprehensive cyber security legislation will happen in 2013


Debate: A White House order on cyber security would be a step in the right direction for safeguarding networks.

FOR


Craig Spiezle, executive director & president, Online Trust Alliance

With all indicators pointing to the imminent threat of cyber terrorism, I expect we will see the passage of cyber legislation within 12 months. Incidents are increasing in severity, targeting employees, vendors and government systems, putting critical infrastructure and the economy at risk.

The real challenge is the scope of legislation and speed of implementation. Security is only as strong as the weakest link, and left in its current state, our nation's cyber risk is unacceptable. Today, federal agencies have independent security standards for their services and vendors. Best practices, minimum standards, data sharing and collaboration are critical.

Fortunately we have seen a reconciliation of stakeholders. Assuming the remaining privacy concerns are addressed and trade groups take a broader view of the best interests of the ecosystem, passage will happen. Compounded by the threat of a presidential executive order, there is an increasing sense of urgency to find compromise. Partisan debate will succumb to reality and support balanced legislation.


AGAINST


Bradley Anstis, VP, product strategy, Total Defense

While I applaud the intention behind this, one has to wonder if the proposed legislation has the basics right. We have an issue with cyber security. Yes, we are vulnerable and exposed, but the idea of relying on the security industry to propose the minimum standards to be enforced has two problems. 

First, this is the industry that is supposed to be protecting us, and yet we are where we are. This industry is unfortunately dominated by big vendors that have the dangerous combination of large marketing and lobbying budgets coupled with antiquated technology. 

Second, we must encourage and assist the critical infrastructure organizations to force organizations to meet minimum requirements. The fusion centers are in a great position to do this if only we could get it right and talk to the smaller, more innovative specialist vendors.

The minimum requirements have to evolve as the threat evolves and new attack techniques are discovered. I have to ask if hard-set, legislation-enforced minimum requirements are really going to help?

