House panel OKs law addressing cyberstandards
The proposed Cybersecurity Coordination and Awareness Act, approved Wednesday by the House Subcommittee on Technology and Innovation, would also require NIST to develop and implement a cybersecurity awareness and education program and engage in research and development to improve identity management systems. Also, it would amend the Cybersecurity Research and Development Act to update technical terms.
The proposed legislation was drafted by staff of the House Committee on Science and Technology to implement some of the recommendations in the 60-day Cyberspace Policy Review, a report released this May that outlines the federal government's new approach to securing cyberspace. According to the review, international standards are needed for the investigation and prosecution of cybercrime, the approaches for network defense and response to cyberattacks.“The Cyberspace Policy Review recommended coordination of U.S. government representation in international cybersecurity technical standards development,” Subcommittee Chairman Rep. David Wu, D-Ore., said in his opening statement Wednesday. “Currently, responsibilities are parsed among different agencies without any consistent policy. A coordinated policy will ensure that these representatives operate with the overarching need of the U.S. infrastructure in mind.”
The proposed legislation would require NIST to coordinate U.S. representation with regard to international cybersecurity standards development and create a plan to engage with international organizations to develop standards.
Currently there are more than a dozen international organizations that develop policies related to cybersecurity including the United Nations, NATO and the International Organization for Standardization (ISO).
As part of the proposed legislation, NIST would also be required to work with federal agencies, industry and educational institutions to create easy-to-understand cybersecurity standards and best practices as part of an awareness program to increase the public understanding of cyberthreats.
Also, NIST would be required to establish a research-and-development program focused on strengthening the security of identity management systems.The proposed legislation now will move to the full House Committee on Science and Technology.