A new bill making the rounds on Capitol Hill will give the Department of Homeland Security some amount of regulatory control over private networks. HR 6423, “The Homeland Security Cyber and Physical Infrastructure Protection Act of 2010,” will empower DHS to set cybersecurity standards for some private networks that are considered critical infrastructure.
Among other things, the bill’s sponsors claim that HR 6423 is aimed at the following goals:
- Creating a new Cybersecurity Compliance Division to oversee the establishment of performance-based standards that reflect the risks particular to the .gov domain and critical infrastructure networks.
- Requiring DHS to work with network operators to develop tailored security plans that meet risk-based, performance-based standards, similar to the current chemical security law.
- Requiring DHS to share threat intelligence and protect proprietary information.
That the federal government wants to at least look like it’s making an effort to secure critical infrastructure is no surprise, given how deeply the Stuxnet worm has changed the security game. Allegedly intended for Iran’s hidden nuclear program, the worm’s existence has massive implications for the security of all manner of privately owned networks that we rely on for basic services. Utilities, telecom, and finance are three key areas that DHS considers vulnerable.