By Dan Verton
The answer to who is in charge of the federal effort to bolster the nation’s cybersecurity posture may not be as difficult to uncover as previously thought. As the Department of Homeland Security awaits public comments on its voluntary framework initiative—due Oct. 10—the Federal Trade Commission has been making an aggressive push to expand its authorities and force companies that have lax security programs to bolster their defenses.
To be fair, the DHS-backed program, known as the Framework for Improving Critical Infrastructure Cybersecurity and developed by the National Institute of Standards and Technology with extensive input from the private sector, is only seven months old. But despite more than a year of development work and meetings around the country, nobody is really sure yet how many private sector firms have adopted the voluntary standards or what impact the standards have had on the nation’s cybersecurity posture. What is clear, however, is the number of massive data breaches is rising and so are the number of punitive enforcement actions by the FTC targeting companies that have failed to take appropriate measures to protect consumer information.