By Stephanie Condon
Politics and Law
March 26, 2009
The comprehensive cybersecurity legislation currently in development in
the Senate aims to bring high-level government attention to the serious
problem of cybersecurity by giving one White House official oversight of
critical network infrastructure.
Yet the proposal in the draft legislation to give the national
cybersecurity adviser the ability to disconnect federal or "critical"
networks under threat of cyberattack may create more uncertainties than
solutions, at least initially, cybersecurity experts warn.
Determining which networks are "critical" would be the first step to
achieving security. A summary of the draft bill obtained by CNET News
acknowledges the large swath of critical infrastructure that resides in
the private sector--banking, utilities, auto traffic control, and
Those networks all have different risk tolerances and means of
mitigating risk--giving one person authority to disconnect any of them
from the Internet would require a strong understanding of an
overwhelming number of different systems.
"The irony is people keep on asking for somebody in charge who has this
God's-eye view of what's going on in a purposefully decentralized
system," said Bob Giesler, vice president for cyber programs at Science
Applications International Corporation (SAIC). "This permeates the whole
(cybersecurity) debate, which is what can the government do for us. I
think you'll find at the end of Melissa Hathaway's 60-day
(cybersecurity) review that industry will come back and say the best
thing they can do is share the data so we can be better risk
managers," rather than manage risk themselves.