Debate: Comprehensive cyber security legislation will happen in 2013
Debate: A White House order on cyber security would be a step in the right direction for safeguarding networks.
Craig Spiezle, executive director & president, Online Trust Alliance
With all indicators pointing to the imminent threat of cyber terrorism, I expect we will see the passage of cyber legislation within 12 months. Incidents are increasing in severity, targeting employees, vendors and government systems, putting critical infrastructure and the economy at risk.
The real challenge is the scope of legislation and speed of implementation. Security is only as strong as the weakest link, and left in its current state, our nation's cyber risk is unacceptable. Today, federal agencies have independent security standards for their services and vendors. Best practices, minimum standards, data sharing and collaboration are critical.
Fortunately we have seen a reconciliation of stakeholders. Assuming the remaining privacy concerns are addressed and trade groups take a broader view of the best interests of the ecosystem, passage will happen. Compounded by the threat of a presidential executive order, there is an increasing sense of urgency to find compromise. Partisan debate will succumb to reality and support balanced legislation.
Bradley Anstis, VP, product strategy, Total Defense
First, this is the industry that is supposed to be protecting us, and yet we are where we are. This industry is unfortunately dominated by big vendors that have the dangerous combination of large marketing and lobbying budgets coupled with antiquated technology.
Second, we must encourage and assist the critical infrastructure organizations to force organizations to meet minimum requirements. The fusions centers are in a great position to do this if only we could get it right and talk to the smaller, more innovative specialist vendors.
The minimum requirements have to evolve as the threat evolves and new attack techniques are discovered. I have to ask if hard-set, legislation-enforced minimum requirements are really going to help?