Inventorying Cyber-Assaults in U.S.

Legislation Seeks Better Disclosure of Attack Information
Sen. Sheldon Whitehouse, sponsor of cyber-awareness bill

Do you know how many government agencies or, for that matter, critical infrastructure operations have been attacked online? Neither does Congress. But some senators have introduced legislation to find out.


The Cybersecurity Public Awareness Act of 2013, S. 1638, would require national security and federal law enforcement agencies to report to Congress on attacks on federal networks, investigations of cybercrime and impediments to public awareness of common cybersecurity threats.

The bill also includes provisions that would boost awareness of threats against federal agencies, the military, the nation's critical infrastructure and publicly traded companies.

"This legislation will allow us to better arm ourselves with the basic knowledge needed to protect our nation's vital assets and our privacy," says Sen. Sheldon Whitehouse, D-R.I., the bill's chief sponsor.

S. 1638 would require the departments of Homeland Security and Defense to submit to Congress unclassified summaries of major cyber-incidents against executive agencies and the military. The reports from DHS and DoD also would furnish aggregate data on the number of breaches on executive branch and military networks, the amount of data stolen and the costs to remedy the breaches.

Smart, Market-Based Approach

Jacob Olcott, cybersecurity principal at the security advisory firm Good Harbor Consulting, says one of the biggest challenges stymying those seeking to improve cybersecurity is identifying public data on vulnerabilities.

"Whether you're an investor, an insurance company, or a member of Congress, you want to gain greater visibility into what's happening on the network so you can act accordingly," says Olcott, a former counsel to the Senate Commerce, Science and Transportation Committee. "Sen. Whitehouse likely designed this bill to help create the conditions for greater information disclosure. It's a smart, market-based approach to the problem."

The legislation also would require:

  • The Securities and Exchange Commission to assess cyber-risks and cyber-incidents reported in financial statements public companies file with the SEC;
  • Federal regulators to describe the state of cyber vulnerabilities threatening critical infrastructure sectors they regulate;
  • The attorney general and FBI director to describe federal investigations and prosecutions relating to cyber-intrusions, network compromises or other forms of illegal hacking;
  • DHS to work with federally funded research and development agencies to report on opportunities to develop new ways to enhance critical infrastructure cybersecurity without infringing on privacy rights.

Step Toward Understanding the Problem

Congress in recent years has failed to enact significant cybersecurity legislation (see Cybersecurity Legislation: What's Next?), a point made by Sen. Lindsey Graham, the South Carolina Republican who's one of the bill's cosponsors. "So far Congress has failed to forge a workable cybersecurity framework to protect the United States against a fast-growing national security and economic threat," he says. "This bill is a great step toward understanding this problem so that Congress can adequately and appropriately address it."

The bill, introduced Oct. 31, was assigned to the Senate Homeland Security and Governmental Affairs Committee.


About the Author

Eric Chabrow


Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



