Content

Debate: Comprehensive cyber security legislation will happen in 2013

,

Debate: A White House order on cyber security would be a step in the right direction for safeguarding networks.

FOR


Craig Spiezle, 
executive director & president, Online Trust Alliance

With all indicators pointing to the imminent threat of cyber terrorism, I expect we will see the passage of cyber legislation within 12 months. Incidents are increasing in severity, targeting employees, vendors and government systems, putting critical infrastructure and the economy at risk.

The real challenge is the scope of legislation and speed of implementation. Security is only as strong as the weakest link, and left in its current state, our nation's cyber risk is unacceptable. Today, federal agencies have independent security standards for their services and vendors. Best practices, minimum standards, data sharing and collaboration are critical.

Fortunately we have seen a reconciliation of stakeholders. Assuming the remaining privacy concerns are addressed and trade groups take a broader view of the best interests of the ecosystem, passage will happen. Compounded by the threat of a presidential executive order, there is an increasing sense of urgency to find compromise. Partisan debate will succumb to reality and support balanced legislation.


AGAINST


Bradley Anstis,
VP, product strategy, Total Defense

While I applaud the intention behind this, one has to wonder if the proposed legislation has the basics right. We have an issue with cyber security. Yes, we are vulnerable and exposed, but the idea of relying on the security industry to propose the minimum standards to be enforced has two problems. 

First, this is the industry that is supposed to be protecting us, and yet we are where we are. This industry is unfortunately dominated by big vendors that have the dangerous combination of large marketing and lobbying budgets coupled with antiquated technology. 

Second, we must encourage and assist the critical infrastructure organizations to force organizations to meet minimum requirements. The fusions centers are in a great position to do this if only we could get it right and talk to the smaller, more innovative specialist vendors. 

The minimum requirements have to evolve as the threat evolves and new attack techniques are discovered. I have to ask if hard-set, legislation-enforced minimum requirements are really going to help?


Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.