
May 20, 2013

Will “Voluntary Standards” Make for an Effective Cybersecurity Bill?

The debate over revisions to the Cybersecurity Act of 2012 has been fierce and, of course, mostly partisan. Recently, sponsors dropped a measure that would require critical private sector companies to adopt security standards, rather than making such measures voluntary. On one side, critics say the bill is a step in the right direction for preventing cyberattacks; others feel it is too lax and fraught with problems.

One thing is clear, however. President Barack Obama does not take this topic lightly. Last week he published an op-ed in the New York Times in which he called the cyber threat to our nation “one of the most serious economic and national security challenges we face.” He writes:

It doesn’t take much to imagine the consequences of a successful cyber attack. In a future conflict, an adversary unable to match our military supremacy on the battlefield might seek to exploit our computer vulnerabilities here at home. Taking down vital banking systems could trigger a financial crisis. The lack of clean water or functioning hospitals could spark a public health emergency. And as we’ve seen in past blackouts, the loss of electricity can bring businesses, cities and entire regions to a standstill.

Frightening. And true.

An earlier version of the bill required companies that run the power grid, gas pipelines, water supply systems and other critical infrastructure to meet a certain level of security. Republicans opposed it, so the newer, revised bill says companies can recommend their own security regulations and volunteer to have their security practices inspected by the government, making it, essentially, a bill that merely suggests that these companies take certain measures. A recent article on the Huffington Post site states:

The new bill “basically depends on the industry to make a good faith effort to improve security, and up until now they haven’t done anything,” said Joe Weiss, a security expert on critical infrastructure. “The question is, ‘Why would you expect all of a sudden for that to change?’”

James Lewis, a senior fellow at the Center for Strategic and International Studies, said, “The problem is the bill doesn’t give the government any new capabilities. You don’t need this bill. Nothing really changes.”

Without comprehensive, mandatory cybersecurity legislation, how can we hope to prevent such nationwide, debilitating events?

Risk Management Magazine and Risk Management Monitor. Copyright 2013 Risk and Insurance Management Society, Inc. All rights reserved.

About the Author

Editor

Emily Holbrook is the editor of Risk Management magazine and the Risk Management Monitor blog.

212-655-5915
