Cybersecurity Act Stall May Mean Executive Order to Protect Critical Infrastructure Networks
With the Cybersecurity Act stalled out in Congress, President Obama is potentially looking to use his executive power to mandate controls to protect computer networks. According to InfoWorld, many of the legislation's opponents were Senate Republicans who cited the act as far too regulatory and disagreed with the amount of authority it gives the Department of Homeland Security.
The act, originally sponsored by Senators Joseph Lieberman (CT-I) and Susan Collins (R-ME), is intended to protect critical computer networks from attack by implementing a set of cybersecurity standards for critical infrastructure owners. According to Infoworld, the bill would also require certain government agencies to go through a yearly security certification process and give private corporations who choose to do the same liability protection. One major hope was that as a result of this, government agencies and private companies would be encouraged to share information with each other about cyber threats.
For better or for worse, the act has gone through several revisions, many at the behest of Republicans in Congress and privacy groups who deemed aspects of the bill far too overreaching when it came to personal privacy. The US Chamber of Commerce also opposed the act citing it burdensome and ineffective for businesses. In the end, the Cybersecurity Act needed 60 votes to move forward, but ultimately fell short with a 52–46 loss.
But that doesn't mean the issue of cybersecurity is dead in the water for the Obama administration. According to a an email by White House press secretary, Jay Carney, that was quoted in The Hill, "In the wake of congressional inaction and Republican stall tactics, unfortunately, we will continue to be hamstrung by outdated and inadequate statutory laws that the legislation would have fixed. Moving forward, the president is determined to do absolutely everything we can to protect our nation against today's cyber threats and we will do that." White House Security Advisor John Brennan also intimated via a quote on Reuters that the president is considering exacting his executive power, although he was mum on exact details.
As it stands, the Internet has become almost a modern day Wild West, with uneven protocols and standards that do little to protect midsize businesses and even government agencies from the threat of hacking. It's protection versus privacy, with both sides at a risk of losing out. IT must be on constant alert as threats of new malware, phishing scams and hacking rings are on the rise daily.
Though the stalled-out act focused on critical infrastructures like banks, and the departments of water and power, some sort of cybersecurity legislation (and one that isn't just optional as many of the protocols are now) across the board could take some of the burden off of IT (at midsize enterprises, or any level) when it comes to backend network security, letting them concentrate their focus on managing devices. But on the flip side, it needs to be legislation that doesn't end up infringing on consumer privacy as a result. There must be a balance somewhere between the two and hopefully a solution will be found sooner rather than later.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.