FISMA News

From: InfoSecurity.com

Incoming Speaker of the House, Rep. John Boehner (R-Ohio), has tapped Rep. Mac Thornberry (R-Texas) to lead a cybersecurity initiative in the next Congress.

Boehner, who will become Speaker of the House when the new Congress is sworn in next month, said that Thornberry, who will become vice chairman of the House Armed Services Committee, will “lead an initiative on cybersecurity that cuts across committee lines.”

Thornberry said the cybersecurity initiative “will focus Congress’s efforts to combat the growing national security and economic threat. Cybersecurity is an issue of increasing importance in the wake of a number of high-profile breeches of both public and private cyber networks.”

December 21, 2010 marks the tenth anniversary of the Data Quality Act (DQA), also known as the Information Quality Act, 44 U.S.C § 3516, note.

The DQA has deep roots developed over nearly a half-century as the result of a seed planted during the Johnson Administration which germinated in the Nixon Administration, was watered by the Carter Administration and whose product was harvested by the Reagan Administration, made available to the public in the Bush I Administration and subsequently enhanced by the Clinton Administration and promoted by the Bush II and Obama Administrations. See: http://thecre.com/ombpapers/SystemsAnalysisGroup.htm and http://thecre.com/quality/20010924_fedinfotriangle.html

From: Information Week — Government

The Internet and Cybersecurity Safety Standards Act calls for minimum requirements to protect any device connecting to the Internet.

By Elizabeth Montalbano, InformationWeek
December 13, 2010 03:17 PM

A U.S. senator has introduced a bill that would require the government and the private sector to require minimum cybsersecurity standards for devices that connect to the Internet.

Introduced by Sen. Benjamin Cardin, D-Md., the Internet and Cybersecurity Safety Standards Act would require top government officials to determine the cost-effectiveness of requiring Internet service providers and others to develop and enforce cybersecurity safety standards, according to a press statement from Cardin’s office. Cardin is chairman of the Senate Judiciary Terrorism and Homeland Security Subcommittee.

From: Fierce Government

The likelihood of a cyber war anytime soon is remote, but if it did happen, the United States would have no plan and no capability to defend its critical infrastructure, said Richard Clarke, former special advisor to the president on cybersecurity, during a Dec. 8 Cybersecurity Seminar in Washington, D.C.

Congress must reach a consensus that something needs to be done to defend critical infrastructure with smart, enforceable regulation, said Clarke, who is currently a partner at Good Harbor Consulting. What’s more, citizens and businesses must get over their idealogical aversions to government involvement, he said.

From: GovInfoSecurity

Infosec Reform Rests on Fate of Tax Extension
December 9, 2010 – Eric Chabrow

There’s life still yet in legislation to significantly change the way IT security would be governed in the federal government. But the fate of the cybersecurity measure in these waning days of the 111th Congress rests in the Senate, where Republicans first want passage of a deal between President Obama and GOP lawmakers to extend the Bush-era tax cuts to everyone.

From: The Hill

By Gautham Nagesh – 12/07/10 03:59 PM ET

The number of cyber attacks aimed at taking over systems that control utilities and other critical industries is on the rise, according to a senior Department of Homeland Security official.

“It’s certainly a trend,” said Greg Schaefer, assistant secretary for DHS’ Office of Cybersecurity and Communications on Tuesday at an event hosted by the Defense Writers Group.

“It’s widely recognized that the cyber ecosystem we have today favors the offense and not the defense. It is simply too hard to secure the systems,” he added.

From: The Hill

By Gautham Nagesh – 11/18/10 02:12 AM ET

A new bill unveiled Wednesday by House Homeland Security chairman Bennie Thompson (D-Miss.) would give the Department of Homeland Security the authority to enforce federal cybersecurity standards on private sector companies deemed critical to national security.

The Homeland Security Cyber and Physical Infrastructure Protection Act of 2010 authorizes DHS to establish and enforce risk and performance-based cybersecurity standards on federal agencies and private sector companies consider part of the country’s critical infrastructure. Such firms include utilities, communications providers and financial institutions.

Federal government spending on cybersecurity is expected to increase 9.1% per year, reaching $13.3bn in 2015, according to research firm INPUT

In its report, Federal Information Security Market 2010–2015, INPUT cites a number of factors contributing to the growth in government cybersecurity spending: a 445% increase in government cybersecurity incidents since 2006, a shortage of qualified security professionals, an increasingly complex and interconnected technology environment, sweeping legislative remedies aimed at patching holes in federal agencies’ cybersecurity efforts, and the setting up of the White House’s Cybersecurity Coordinator and the Department of Defense’s (DoD) Cyber Command.

President Obama proclaimed that December 2010 is Critical Infrastructure Protection Month and called “upon the people of the United States to recognize the importance of protecting our Nation’s resources and to observe this month with appropriate events and training to enhance our national security and resilience.”

Read Presidential Proclamation here