Cybersecurity ‘compliance regime’ a concern on the Hill

From: FierceGovernment IT

Cybersecurity legislation will not solve the challenges faced in public- and private-sector IT, and could result in another security check box instead of a cultural change, said Kevin Gronberg, senior counsel for the House Homeland Security Committee.

Gronberg said that even agencies fully compliant with the Federal Information Security Management Act have suffered massive data breaches.

“I’m concerned that Congress may believe that the debate will be over as soon as the president signs that bill. We need to understand what drives the culture of a secure cyber environment and move our country toward that,” said Gronberg.

He said his committee is working on cybersecurity legislation now, and noted that the fiscally constrained environment “will be a real problem.”

“We are under ‘cut-go’ regime, where we cut spending if we’re going to add anything. That causes real problems with regard to some aspects of, say, the Lieberman-Collins bill [S.413], if it were to come over to the House as is,” said Gronberg.

Gronberg commended the Homeland Security Department, the cybersecurity office within the National Security Council, the National Security Agency and the National Institute of Standards and Technology for pushing information on the “state of play” to the fore, but complained that the “take up of this issue as an important issue is not as widespread as we would like it to be.”

Politics are preventing cybersecurity messaging from reaching Capitol Hill and the public at large, said CSIS Fellow Stewart Baker, a partner at law firm Steptoe & Johnson.

“Business doesn’t want to spend more money and they tend to lobby against the idea that this is a serious problem. Privacy groups are very wary of any suggestion that we need better defenses against cyber attacks because they fear it will make changes in information technology that will make it harder to maintain anonymity in cyberspace. And other countries are unenthusiastic about our approach to cyber defense because they think it will be an excuse for protectionism,” said Baker.

“All of those groups, in one way or another, try to influence the climate in which decisions about spending stimulus funds are made and they keep defense issues off the table by discrediting it with claims that it’s hyped because it’s in their interest to do that,” said Baker.

