The latest version of the National Defense Authorization Act was stripped of several notable federal cybersecurity reforms.
The omitted language includes the creation of White House based office to coordinate cybersecurity efforts and the creation of a Federal Cybersecurity Practice Board to enforce Federal Information Security Management Act compliance and implementation of National Institute of Standards and Technology recommendations.
Also missing from the legislation is the requirement that federal agencies implement automated network monitoring systems that would detect vulnerabilities and cyber based threats.
In an interview Larry Clinton, President of the Internet Security Alliance (ISA) is hopeful that the the missing provisions is a sign that a more comprehensive Bill may be in the works that consolidates the piecemeal framework outlined in dozens of other proposed security legislation:
“We’re not embracing the issue in its totality. Right now, the private sector is in charge of securing critical infrastructure, and the government’s job is compliance. They have fundamentally misunderstood the relationship that needs to develop between the public and private sectors.”
“This may suggest there is a still a case for a comprehensive cybersecurity bill, instead of [pieces] put into must-have legislation like the Defense Authorization [bill]."
“So far, [cybersecurity] has been treated as an operational and technical issue…but it’s much broader than that and needs to be appreciated in its broader context. I think we’ll see additional efforts in cybersecurity legislation.... I think they will be increasingly sophisticated in the continuing learning process throughout Congress.”
The Internet Security Alliance (ISA) is a unique multi-sector trade association which provides thought leadership and strong public policy advocacy as well as business and technical services to its membership.
The ISA represents enterprises from the aviation, banking, communications, defense, education, financial services, insurance, manufacturing, security, and technology industries.
ISA’s mission is to integrate advanced technology with the realistic business needs of its members and enlightened public policy to create a sustained system of cybersecurity.