The New Cyber Security Bill
June 22nd 2010 21:14
Okay here is the next major bill that is being written and discussed in
the Senate. Some strange authors on this bill are Joe Lieberman,
Independent from Connecticut, Susan Collins (Republican) from Maine and
Tom Carper Republican from Delaware. Here is one of the versions of the
bill
Really Long Link
Ns8btpeEBsW-oEJLfZ-h17E07*Hqb jyxfG7uftXUCyDAWaYaIl/S3480.p df
And the very first section introduces a new government office.
TITLE I--OFFICE OF CYBERSPACE POLICY
SEC. 101. ESTABLISHMENT OF THE OFFICE OF THE OFFICE OF CYBERSPACE
POLICY.
(a) Establishment of Office- There is established in the Executive
Office of the President an Office of Cyberspace Policy which shall--
(1) develop, not later than 1 year after the date of enactment of this
Act, and update as needed, but not less frequently than once every 2
years, a national strategy to increase the security and resiliency of
cyberspace, that includes goals and objectives relating to--
(A) computer network operations, including offensive activities,
defensive activities, and other activities;
(B) information assurance;
(C) protection of critical infrastructure and key resources;
(D) research and development priorities;
(E) law enforcement;
(F) diplomacy;
(G) homeland security; and
(H) military and intelligence activities;
(2) oversee, coordinate, and integrate all policies and activities of
the Federal Government across all instruments of national power relating
to ensuring the security and resiliency of cyberspace, including--
(A) diplomatic, economic, military, intelligence, homeland security, and
law enforcement policies and activities within and among Federal
agencies; and
(B) offensive activities, defensive activities, and other policies and
activities necessary to ensure effective capabilities to operate in
cyberspace;
(3) ensure that all Federal agencies comply with appropriate guidelines,
policies, and directives from the Department of Homeland Security, other
Federal agencies with responsibilities relating to cyberspace security
or resiliency, and the National Center for Cybersecurity and
Communications; and
(4) ensure that Federal agencies have access to, receive, and
appropriately disseminate law enforcement information, intelligence
information, terrorism information, and any other information (including
information relating to incidents provided under subsections (a)(4) and
(c) of section 246 of the Homeland Security Act of 2002, as added by
this Act) relevant to--
(A) the security of the Federal information infrastructure or the
national information infrastructure; and
(B) the security of--
(i) information infrastructure that is owned, operated, controlled, or
licensed for use by, or on behalf of, the Department of Defense, a
military department, or another element of the intelligence community;
or
(ii) a national security system.
(b) Director of Cyberspace Policy-
(1) IN GENERAL- There shall be a Director of Cyberspace Policy, who
shall be the head of the Office.
(2) EXECUTIVE SCHEDULE POSITION- Section 5312 of title 5, United States
Code, is amended by adding at the end the following:
`Director of Cyberspace Policy.'.
Outside of the new government office here are the other key elements of
the bill as found on the Senate webpage at
Really Long Link
ontentRecord_id=42e2542c-5056 -8059-7604-87cb5518d790
2. Creation of a National Center for Cybersecurity and Communications
(NCCC) at the Department of Homeland Security (DHS) to elevate and
strengthen the Department's cyber security capabilities and authorities.
The Director will regularly advise the President on efforts to secure
federal networks. The NCCC will be led by a Senate-confirmed Director,
who will report to the Secretary. The NCCC will include the United
States Computer Emergency Response Team (US-CERT), and will lead federal
efforts to protect public and private sector cyber and communications
networks.
3. Updates the Federal Information Security Management Act (FISMA) to
modernize federal agencies practices of protecting their internal
networks and systems. With strong leadership from DHS, these reforms
will allow agencies to move away from the system of after-the-fact
paperwork compliance to real-time monitoring to secure critical systems.
4. Requiring the NCCC to work with the private sector to establish
risk-based security requirements that strengthen cyber security for the
nation's most critical infrastructure that, if disrupted, would result
in a national or regional catastrophe.
5. Requiring covered critical infrastructure to report significant
breaches to the NCCC to ensure the federal government has a complete
picture of the security of these sensitive networks. The NCCC must
share information, including threat analysis, with owners and operators
regarding risks to their networks. The Act will provide specified
liability protections to owners/operators that comply with the new
risk-based security requirements.Creation of a responsible framework,
developed in coordination with the private sector, for the President to
authorize emergency measures to protect the nation's most critical
infrastructure if a cyber vulnerability is being exploited or is about
to be exploited. The President must notify Congress in advance before
exercising these emergency powers. Any emergency measures imposed must
be the least disruptive necessary to respond to the threat and will
expire after 30 days unless the President extends them. The bill
authorizes no new surveillance authorities and does not authorize the
government to "take over" private networks.
6. Development of a comprehensive supply chain risk management strategy
to address risks and threats to the information technology products and
services the federal government relies upon. This strategy will allow
agencies to make informed decisions when purchasing IT products and
services.
7. Requiring the Office of Personnel Management to reform the way cyber
security personnel are recruited, hired, and trained to ensure that the
federal government has the talent necessary to lead the national cyber
security effort and protect its own networks.
As I said the key elements I got from the Senate Web page. The URL is
Really Long Link
ontentRecord_id=227d9e1e-5056 -8059-765f-2239d301fb7f
It is important to know where the information comes from so you are
aware of the bias it takes. I try and get information from all sides
but I primarily want to be an advocate for making the bills accessible
so that you can read them, form your own opinion and then contact your
senators and congressmen and or congresswomen. Tell them how you want
them to vote on the issues that are important to you. This is our
country and we pay the salaries of our representatives and I know I work
hard at what I do so that is why I have gotten involved. If you need me
to repost the sites so that you can find the contact information for
your particular representatives let me know and I will do so.
I have yet to see the Congressional Budget Office scoring (the price
tag) on this bill. I caution you that the CBO can only score or estimate
the cost or do the financials as the bill is written, the CBO is not
responsible for saying the bill does not add up, or that what is in the
bill is not possible. The CBO does not make the determination that money
can or cannot be allocated as it is written in the bill. It scores what
it can as the bill is written and presented to them. CBO's mandate is to
provide the Congress with:
* Objective, nonpartisan, and timely analyses to aid in economic
and budgetary decisions on the wide array of programs covered by the
federal budget and
* The information and estimates required for the Congressional
budget process.
References:
CBO home page - http://www.cbo.gov/aboutcbo/
Office of Congress - copy of the bill:
Really Long Link
Ns8btpeEBsW-oEJLfZ-h17E07*Hqb jyxfG7uftXUCyDAWaYaIl/S3480.p df
Or The Library of Congress:
http://thomas.loc.gov/cgi-bin/query/z?c111
. 3480: If you have trouble
getting to the bill click on the word Thomas the Library of Congress
page will open up and write in the search block X3480 and the bill
either summary or full text will be highlighted in blue and click again.
United States Senate: http://www.senate.gov/
Key points to the bill found at this url;
Really Long Link
ontentRecord_id=42e2542c-5056 -8059-7604-87cb5518d790
the Senate. Some strange authors on this bill are Joe Lieberman,
Independent from Connecticut, Susan Collins (Republican) from Maine and
Tom Carper Republican from Delaware. Here is one of the versions of the
bill
Really Long Link
Ns8btpeEBsW-oEJLfZ-h17E07*Hqb jyxfG7uftXUCyDAWaYaIl/S3480.p df
And the very first section introduces a new government office.
TITLE I--OFFICE OF CYBERSPACE POLICY
POLICY.
(a) Establishment of Office- There is established in the Executive
Office of the President an Office of Cyberspace Policy which shall--
(1) develop, not later than 1 year after the date of enactment of this
Act, and update as needed, but not less frequently than once every 2
years, a national strategy to increase the security and resiliency of
cyberspace, that includes goals and objectives relating to--
(A) computer network operations, including offensive activities,
defensive activities, and other activities;
(B) information assurance;
(C) protection of critical infrastructure and key resources;
(D) research and development priorities;
(E) law enforcement;
(F) diplomacy;
(G) homeland security; and
(H) military and intelligence activities;
(2) oversee, coordinate, and integrate all policies and activities of
the Federal Government across all instruments of national power relating
to ensuring the security and resiliency of cyberspace, including--
(A) diplomatic, economic, military, intelligence, homeland security, and
agencies; and
(B) offensive activities, defensive activities, and other policies and
activities necessary to ensure effective capabilities to operate in
cyberspace;
(3) ensure that all Federal agencies comply with appropriate guidelines,
policies, and directives from the Department of Homeland Security, other
Federal agencies with responsibilities relating to cyberspace security
or resiliency, and the National Center for Cybersecurity and
Communications; and
(4) ensure that Federal agencies have access to, receive, and
appropriately disseminate law enforcement information, intelligence
information, terrorism information, and any other information (including
information relating to incidents provided under subsections (a)(4) and
(c) of section 246 of the Homeland Security Act of 2002, as added by
this Act) relevant to--
(A) the security of the Federal information infrastructure or the
national information infrastructure; and
(B) the security of--
(i) information infrastructure that is owned, operated, controlled, or
licensed for use by, or on behalf of, the Department of Defense, a
military department, or another element of the intelligence community;
or
(ii) a national security system.
(b) Director of Cyberspace Policy-
(1) IN GENERAL- There shall be a Director of Cyberspace Policy, who
shall be the head of the Office.
(2) EXECUTIVE SCHEDULE POSITION- Section 5312 of title 5, United States
Code, is amended by adding at the end the following:
`Director of Cyberspace Policy.'.
Outside of the new government office here are the other key elements of
the bill as found on the Senate webpage at
Really Long Link
ontentRecord_id=42e2542c-5056 -8059-7604-87cb5518d790
2. Creation of a National Center for Cybersecurity and Communications
(NCCC) at the Department of Homeland Security (DHS) to elevate and
strengthen the Department's cyber security capabilities and authorities.
The Director will regularly advise the President on efforts to secure
federal networks. The NCCC will be led by a Senate-confirmed Director,
who will report to the Secretary. The NCCC will include the United
States Computer Emergency Response Team (US-CERT), and will lead federal
efforts to protect public and private sector cyber and communications
networks.
3. Updates the Federal Information Security Management Act (FISMA) to
modernize federal agencies practices of protecting their internal
networks and systems. With strong leadership from DHS, these reforms
will allow agencies to move away from the system of after-the-fact
paperwork compliance to real-time monitoring to secure critical systems.
4. Requiring the NCCC to work with the private sector to establish
risk-based security requirements that strengthen cyber security for the
nation's most critical infrastructure that, if disrupted, would result
in a national or regional catastrophe.
5. Requiring covered critical infrastructure to report significant
breaches to the NCCC to ensure the federal government has a complete
picture of the security of these sensitive networks. The NCCC must
share information, including threat analysis, with owners and operators
regarding risks to their networks. The Act will provide specified
liability protections to owners/operators that comply with the new
risk-based security requirements.Creation of a responsible framework,
developed in coordination with the private sector, for the President to
authorize emergency measures to protect the nation's most critical
infrastructure if a cyber vulnerability is being exploited or is about
to be exploited. The President must notify Congress in advance before
exercising these emergency powers. Any emergency measures imposed must
be the least disruptive necessary to respond to the threat and will
expire after 30 days unless the President extends them. The bill
authorizes no new surveillance authorities and does not authorize the
government to "take over" private networks.
6. Development of a comprehensive supply chain risk management strategy
to address risks and threats to the information technology products and
services the federal government relies upon. This strategy will allow
agencies to make informed decisions when purchasing IT products and
services.
7. Requiring the Office of Personnel Management to reform the way cyber
security personnel are recruited, hired, and trained to ensure that the
federal government has the talent necessary to lead the national cyber
security effort and protect its own networks.
As I said the key elements I got from the Senate Web page. The URL is
Really Long Link
ontentRecord_id=227d9e1e-5056 -8059-765f-2239d301fb7f
It is important to know where the information comes from so you are
aware of the bias it takes. I try and get information from all sides
but I primarily want to be an advocate for making the bills accessible
so that you can read them, form your own opinion and then contact your
senators and congressmen and or congresswomen. Tell them how you want
them to vote on the issues that are important to you. This is our
country and we pay the salaries of our representatives and I know I work
hard at what I do so that is why I have gotten involved. If you need me
to repost the sites so that you can find the contact information for
your particular representatives let me know and I will do so.
I have yet to see the Congressional Budget Office scoring (the price
tag) on this bill. I caution you that the CBO can only score or estimate
the cost or do the financials as the bill is written, the CBO is not
responsible for saying the bill does not add up, or that what is in the
bill is not possible. The CBO does not make the determination that money
can or cannot be allocated as it is written in the bill. It scores what
it can as the bill is written and presented to them. CBO's mandate is to
provide the Congress with:
* Objective, nonpartisan, and timely analyses to aid in economic
and budgetary decisions on the wide array of programs covered by the
federal budget and
* The information and estimates required for the Congressional
budget process.
References:
CBO home page - http://www.cbo.gov/aboutcbo/
Office of Congress - copy of the bill:
Really Long Link
Ns8btpeEBsW-oEJLfZ-h17E07*Hqb jyxfG7uftXUCyDAWaYaIl/S3480.p df
Or The Library of Congress:
http://thomas.loc.gov/cgi-bin/query/z?c111
. 3480: If you have troublegetting to the bill click on the word Thomas the Library of Congress
page will open up and write in the search block X3480 and the bill
either summary or full text will be highlighted in blue and click again.
United States Senate: http://www.senate.gov/
Key points to the bill found at this url;
Really Long Link
ontentRecord_id=42e2542c-5056 -8059-7604-87cb5518d790
| 77 |
| Vote |
subscribe to this blog
