We applaud Senators Jay Rockefeller (D-WV) and John Thune (R-SD) for introducing “the Cybersecurity Act of 2013” this month. The act covers several important policy elements of the cybersecurity ecosystem. For instance, among the bill’s provisions are sections on public-private collaborations on cybersecurity; cybersecurity research and development, education and workforce development; and cybersecurity awareness and preparedness. An important component of the proposed legislation is its focus on public-private collaborations aimed at developing best practices and processes for protecting critical infrastructures from cyber-threats and attacks.
The development of best practices and processes through public-private collaborations are proven as effective tactics and tools to protect critical infrastructures from cyber-threats and attacks. CompTIA believes that the Cybersecurity Act of 2013 underlines the importance of those public-private collaborations. While we await the results of next week’s mark-up of the bill, the association believes this is an excellent step forward and applauds the bipartisan effort in crafting the bill.
The legislative proposal is the latest development since the issuance of President Obama’s executive order (EO) titled “Improving Critical Infrastructure Cybersecurity” issued February 12. Among the directives in the EO is a requirement that the National Institute for Science and Technology (NIST) “lead the development of a framework to reduce cyber-risks to critical infrastructure (the ‘cybersecurity framework’). The cybersecurity framework shall include a set of standards, methodologies, procedures and processes that align policy, business and technological approaches to address cyber-risks.”
Consequently, NIST hosted a series of workshops aimed at developing the cybersecurity framework per the EO directive. Thus, the Cybersecurity Act of 2013 aims to strengthen NIST’s authority to “on an ongoing basis, facilitate and support the development of a voluntary, industry-led set of standards, guidelines, best practices, methodologies . . . to reduce cyber-risks to critical infrastructure.”
NIST is also directed to “protect individual privacy and civil liberties” as it develops best practices and processes for the critical infrastructure cybersecurity ecosystem. Finally, there is a commitment in the bill to advance education and awareness of steps stakeholders in the cybersecurity ecosystem can take to protect against cyber-threats and attacks. Simple steps such as installing virus protection software and protecting passwords go a long way toward fostering a safe and protected cybersecurity ecosystem.
