Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

US Senate committee leaders introduce cyber-security legislation

A group of Senate committee leaders have introduced bipartisan legislation to secure the cyber systems of US critical infrastructure providers.

The Senators were Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, ID-Conn., Ranking Member Susan Collins, R-Maine, Commerce Committee Chairman Jay Rockefeller, D-W.Va., and Select Intelligence Committee Chairman Dianne Feinstein, D-Ca.

The Cybersecurity Act of 2012, S. 2105 envisions a public-private partnership to secure those systems which ‘if commandeered or destroyed by a cyber attack could cause mass deaths, evacuations, disruptions to life-sustaining services, or catastrophic damage to the economy or national security.’

The legislation reflects recommendations from companies and trade associations representing the information technology, financial services, telecommunications, chemical, and energy sectors, among others. National security, privacy and civil liberties experts also provided essential counsel.

The Cybersecurity Act of 2012 would require:

  • The Department of Homeland Security to assess the risks and vulnerabilities of critical infrastructure systems to determine which should be required to meet a set of risk-based security standards. Owners/operators who think their systems were wrongly designated would have the right to appeal.
  • DHS to work with the owners/operators of designated critical infrastructure to develop risk-based performance requirements, looking first to current standards or industry practices. If a sector is sufficiently secured, no new performance requirements would be developed or required to be met.
  • The owners of a covered system to determine how best to meet the performance requirements and then verify that it was meeting them. A third-party assessor could also be used to verify compliance, or an owner could choose to self-certify compliance Current industry regulators to continue to oversee their industry sectors.
  • Information-sharing between and among the private sector and the federal government to share threats, incidents, best practices, and fixes, while maintaining civil liberties and privacy.
  • DHS to consolidate its cybersecurity programs into a unified office called the National Center for Cybersecurity and Communications.
  • The government to improve the security of federal civilian cyber networks through reform of the Federal Information Security Management Act.

Source: The Committee on Homeland Security and Governmental Affairs

•Date: 15th February 2012 • US •Type: Article • Topic: Critical infrastructure protection

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here