[infowar.de] govexec.com, 2.5.2002: Cybersecurity legislation gets mixed reviews
May 2, 2002
Cybersecurity legislation gets mixed reviews
By Liza Porteus, National Journal's Technology Daily

Government and industry officials on Thursday hailed a bill aimed at
ensuring that federal agencies maintain strong information security but
questioned certain aspects of the measure.

Two House Government Reform subcommittees--Government Efficiency,
Financial Management and Intergovernmental Relations, and Technology and
Procurement Policy--held a joint hearing on the bill, H.R. 3844, which
would permanently reauthorize the Government Information Security Reform
Act (GISRA) and implement additional computer-security measures for

Mark Forman, e-government chief for the Office of Management and Budget,
said the administration is still developing its position on the
legislation. He said the continued strong role of the National Institute
of Standards and Technology in information security is "critical." NIST
will help agencies conduct security reviews for submission to OMB.

Robert Dacey, director of information security at the General Accounting
Office, agreed that continuation of GISRA is "essential" but said the
administration should do more to obtain technical expertise to protect
computer systems and to make sure sufficient resources are available.

But certain changes should be made to the legislation, some panelists

The bill, for instance, calls for an information-emergency response
center. But Daniel Wolf, information assurance director for the National
Security Agency, said yet another incident-response center like those
housed at NSA, the Defense Department and the FBI's National
Infrastructure Protection Center would add "unnecessary redundancy."

The Commerce Department, meanwhile, does not want the measure to
transfer authority on security standards from NIST to OMB. Ron Miller,
chief information officer of the Federal Emergency Management Agency,
suggested that the bill should include a stronger link between security
requirements for information technology and the capital planning
process, and that there should be more focus on retaining IT
professionals and individual accountability for security.

"It would be very useful if the federal government provided IT security
training in perhaps the same way that it offers standardized training in
technology subjects, management skills, leadership development and other
professional disciplines," Miller said.

Miller also said effective cybersecurity will require a coordinated
effort with the White House Office of Homeland Security to link the
federal government with other governmental and industry representatives.

Jim Dempsey, deputy director for the Center for Democracy and
Technology, also said the measure should not eliminate the Computer
System Security and Privacy Advisory Board, which has served as an
advisory group for the federal government on privacy issues.

"At the current time, when there are so many important privacy issues
facing the government and the private sector, it is inadvisable to
reduce the federal government's ability to address privacy issues,"

Dempsey said the legislation also would not address enough privacy
concerns and should include provisions to bring privacy and other
aspects of information policy into the development of security
standards. He said government should look to privacy practices currently
employed by the private sector as a model.

A Davis spokesman said the goal is to get the bill marked up in the full
House Government Reform Committee within two weeks.

GAO and the subcommittees released a report (GAO-02-407) detailing what
other actions are necessary to fully implement GISRA and other
information security reforms.