When they can secure their own crap, they can talk to me about licensure. On 4/1/09, Larry Seltzer <[email protected]> wrote: > BTW, you're missing the best part of the article: "[The bill] would > require the National Institute of Standards and Technology to establish > "measurable and auditable cybersecurity standards" that would apply to > private companies as well as the government. It also would require > licensing and certification of cybersecurity professionals. " > > Larry Seltzer > eWEEK.com Security Center Editor > http://security.eweek.com/ > http://blogs.pcmag.com/securitywatch/ > Contributing Editor, PC Magazine > [email protected] > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Paul Ferguson > Sent: Wednesday, April 01, 2009 3:45 AM > To: [email protected] > Subject: [funsec] Senate Legislation Would Federalize Cyber Security > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Via The Washington Post. > > [snip] > > Key lawmakers are pushing to dramatically escalate U.S. defenses against > cyberattacks, crafting proposals that would empower the government to > set > and enforce security standards for private industry for the first time. > > The proposals, in Senate legislation that could be introduced as early > as > today, would broaden the focus of the government's cybersecurity efforts > to > include not only military networks but also private systems that control > essentials such as electricity and water distribution. At the same time, > the bill would add regulatory teeth to ensure industry compliance with > the > rules, congressional officials familiar with the plan said yesterday. > > Addressing what intelligence officials describe as a gaping > vulnerability, > the legislation also calls for the appointment of a White House > cybersecurity "czar" with unprecedented authority to shut down computer > networks, including private ones, if a cyberattack is underway, the > officials said. > > How industry groups will respond is unclear. Jim Dempsey, vice president > for public policy at the Center for Democracy and Technology, which > represents private companies and civil liberties advocates, said that > mandatory standards have long been the "third rail of cybersecurity > policy." Dempsey said regulation could also stifle creativity by forcing > companies to adopt a uniform approach. > > [snip] > > More: > http://www.washingtonpost.com/wp-dyn/content/article/2009/03/31/AR200903 > 310 > 3684.html > > Somehow, this strikes me as a very bad idea.... > > - - ferg > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.5.3 (Build 5003) > > wj8DBQFJ0xtbq1pz9mNUZTMRAk2oAJ44KDALS8wR3u+mQFF3zdg+C3K9twCg7w4m > JtBlu6qbviPa6jU4zRfDMO4= > =qxH9 > -----END PGP SIGNATURE----- > > > -- > "Fergie", a.k.a. Paul Ferguson > Engineering Architecture for the Internet > fergdawgster(at)gmail.com > ferg's tech blog: http://fergdawg.blogspot.com/ > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. > > > > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. >
-- Sent from my mobile device _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
