Cybersecurity bill would impose standards, certifications

Legislation in the Senate would consolidate the leadership of federal cybersecurity programs in a new advisory office in the Executive Office of the President. The legislation also calls for new enforceable cybersecurity standards for the public and private sectors, and a licensing and certification program for cybersecurity professionals.

Sens. John "Jay" Rockefeller (D-W.Va.), chairman of the Commerce, Science and Transportation Committee, and Olympia Snowe (R-Maine) announced the legislation today. They seek to streamline cybersecurity authorities, promote public awareness, enhance cybersecurity cooperation between government and industry, and increase cybersecurity education and research and development efforts, according to a statement.

According to a summary, the legislation would give the new national cybersecurity adviser authority to disconnect a federal or critical infrastructure network from the Internet if they are found to be at risk of a cyberattack. The new adviser would also oversee the development of a comprehensive national strategy for cybersecurity and lead quadrennial reviews of cybersecurity.

The senators also called for a public awareness campaign, a review of the laws that apply to cybersecurity and a report on identity management and civil liberties. They would also further involve the private sector in cybersecurity efforts through the establishment of:

• A group that would certify that products purchased by the federal government meet cybersecurity standards.
• A panel of outside experts to advise the president on cybersecurity.
• A public-private clearinghouse for information sharing on cyberthreats.
• State and regional cybersecurity centers to help small and medium-sized businesses.

Meanwhile, the Obama administration’s security advisers continue their 60-day review of the country’s cybersecurity efforts. That effort review is expected to produce a series of recommendations for how the federal government should organize cybersecurity efforts and engage with the private sector.