Debate: Comprehensive cyber security legislation will happen in 2013


Debate: A White House order on cyber security would be a step in the right direction for safeguarding networks.


Craig Spiezle, 
executive director & president, Online Trust Alliance

With all indicators pointing to the imminent threat of cyber terrorism, I expect we will see the passage of cyber legislation within 12 months. Incidents are increasing in severity, targeting employees, vendors and government systems, putting critical infrastructure and the economy at risk.

The real challenge is the scope of legislation and speed of implementation. Security is only as strong as the weakest link, and left in its current state, our nation's cyber risk is unacceptable. Today, federal agencies have independent security standards for their services and vendors. Best practices, minimum standards, data sharing and collaboration are critical.

Fortunately we have seen a reconciliation of stakeholders. Assuming the remaining privacy concerns are addressed and trade groups take a broader view of the best interests of the ecosystem, passage will happen. Compounded by the threat of a presidential executive order, there is an increasing sense of urgency to find compromise. Partisan debate will succumb to reality and support balanced legislation.


Bradley Anstis,
VP, product strategy, Total Defense

While I applaud the intention behind this, one has to wonder if the proposed legislation has the basics right. We have an issue with cyber security. Yes, we are vulnerable and exposed, but the idea of relying on the security industry to propose the minimum standards to be enforced has two problems. 

First, this is the industry that is supposed to be protecting us, and yet we are where we are. This industry is unfortunately dominated by big vendors that have the dangerous combination of large marketing and lobbying budgets coupled with antiquated technology. 

Second, we must encourage and assist the critical infrastructure organizations to force organizations to meet minimum requirements. The fusion centers are in a great position to do this if only we could get it right and talk to the smaller, more innovative specialist vendors.

The minimum requirements have to evolve as the threat evolves and new attack techniques are discovered. I have to ask if hard-set, legislation-enforced minimum requirements are really going to help?
