• Home
• News
  • Business Continuity News
  • Regional news
  • Sector news
  • Events Diary
  • Newsletters
  • Newsfeed
• Jobs
• Topics
  • BC: Facilities & Buildings
  • BC: General
  • BC: Markets & Companies
  • BC: Plan Development
  • BC: Software
  • BC: Statistics
  • BC: Testing & Exercising
  • Crisis Comms & Management
  • Critical Infrastructure Protection
  • Disaster Recovery
  • Emergency Management
  • Enterprise Risk Management
  • Operational Risk Management
  • Pandemic Planning
  • PS Prep
  • Standards
  • Terrorism
• Technology
  • Cloud Computing
  • Data Center / Centre Issues
  • ICT Continuity
  • Information Security
  • Recovery Facilities
• Resources
  • Webinars
  • BC software directory
  • Newsfeed
  • Twitter
  • Advanced BC information
  • Advanced ICT information
  • Basic BC information
  • Basic ICT information
  • How to advertise
  • About us
  • Contact us
  • Privacy
• Newsletters
• Training

WELCOME TO THE CONTINUITY CENTRAL ARCHIVE SITE

Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

US Senate committee leaders introduce cyber-security legislation

A group of Senate committee leaders have introduced bipartisan legislation to secure the cyber systems of US critical infrastructure providers.

The Senators were Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, ID-Conn., Ranking Member Susan Collins, R-Maine, Commerce Committee Chairman Jay Rockefeller, D-W.Va., and Select Intelligence Committee Chairman Dianne Feinstein, D-Ca.

The Cybersecurity Act of 2012, S. 2105 envisions a public-private partnership to secure those systems which ‘if commandeered or destroyed by a cyber attack could cause mass deaths, evacuations, disruptions to life-sustaining services, or catastrophic damage to the economy or national security.’

The legislation reflects recommendations from companies and trade associations representing the information technology, financial services, telecommunications, chemical, and energy sectors, among others. National security, privacy and civil liberties experts also provided essential counsel.

The Cybersecurity Act of 2012 would require:

• The Department of Homeland Security to assess the risks and vulnerabilities of critical infrastructure systems to determine which should be required to meet a set of risk-based security standards. Owners/operators who think their systems were wrongly designated would have the right to appeal.
• DHS to work with the owners/operators of designated critical infrastructure to develop risk-based performance requirements, looking first to current standards or industry practices. If a sector is sufficiently secured, no new performance requirements would be developed or required to be met.
• The owners of a covered system to determine how best to meet the performance requirements and then verify that it was meeting them. A third-party assessor could also be used to verify compliance, or an owner could choose to self-certify compliance Current industry regulators to continue to oversee their industry sectors.
• Information-sharing between and among the private sector and the federal government to share threats, incidents, best practices, and fixes, while maintaining civil liberties and privacy.
• DHS to consolidate its cybersecurity programs into a unified office called the National Center for Cybersecurity and Communications.
• The government to improve the security of federal civilian cyber networks through reform of the Federal Information Security Management Act.

Source: The Committee on Homeland Security and Governmental Affairs

•Date: 15th February 2012 • US •Type: Article • Topic: Critical infrastructure protection

Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.