Debate: Comprehensive cyber security legislation will happen in 2013

Debate: A White House order on cyber security would be a step in the right direction for safeguarding networks.

FOR


Craig Spiezle, 
executive director & president, Online Trust Alliance

With all indicators pointing to the imminent threat of cyber terrorism, I expect we will see the passage of cyber legislation within 12 months. Incidents are increasing in severity, targeting employees, vendors and government systems, putting critical infrastructure and the economy at risk.

The real challenge is the scope of legislation and speed of implementation. Security is only as strong as the weakest link, and left in its current state, our nation's cyber risk is unacceptable. Today, federal agencies have independent security standards for their services and vendors. Best practices, minimum standards, data sharing and collaboration are critical.

Fortunately we have seen a reconciliation of stakeholders. Assuming the remaining privacy concerns are addressed and trade groups take a broader view of the best interests of the ecosystem, passage will happen. Compounded by the threat of a presidential executive order, there is an increasing sense of urgency to find compromise. Partisan debate will succumb to reality and support balanced legislation.


AGAINST


Bradley Anstis,
VP, product strategy, Total Defense

While I applaud the intention behind this, one has to wonder if the proposed legislation has the basics right. We have an issue with cyber security. Yes, we are vulnerable and exposed, but the idea of relying on the security industry to propose the minimum standards to be enforced has two problems. 

First, this is the industry that is supposed to be protecting us, and yet we are where we are. This industry is unfortunately dominated by big vendors that have the dangerous combination of large marketing and lobbying budgets coupled with antiquated technology. 

Second, we must encourage and assist the critical infrastructure organizations to force organizations to meet minimum requirements. The fusion centers are in a great position to do this if only we could get it right and talk to the smaller, more innovative specialist vendors.

The minimum requirements have to evolve as the threat evolves and new attack techniques are discovered. I have to ask if hard-set, legislation-enforced minimum requirements are really going to help?

