Congress is no stranger to cybersecurity laws; it’s just a stranger to writing them correctly. Currently there is a new bill designed to promote cybersecurity training for congressional staffers. That’s the good news. The bad news is that it is doomed to fail for all the same reasons most corporate training fails.

If those who write cybersecurity bills would spend a few minutes listening to industry experts in the training industry, they would learn that effective cybersecurity training requires first the unlearning of “good habits” like holding doors open for strangers or responding quickly for requests to help. Instead, cybersecurity training says the person being asked to do the “good deed” must first ensure that the asker has the right to make the request and can be authenticated by the corporate security system.

H. Res. 355 calls for annual cybersecurity training that likely will include everything from phishing and social engineering to business email compromises and cybersecurity hygiene. Will it include all the nuanced training employees need to know not to be tricked into launching malware or being subject to a social engineering attack? Of course not; you can’t do all of that in a single, annual session.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.