On May 12, the White House formally presented Congress with cyber security legislation. In it, the administration pointed out exactly what the security policy will cover:
Cybersecurity policy includes strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure. The scope does not include other information and communications policy unrelated to national security or securing the infrastructure.
As a senior official told Politico:
The administration has taken significant steps to better protect America against cyberthreats, but it has become clear that our nation cannot fully defend against these threats unless certain parts of cybersecurity law are updated.
Cyber security, the Politico article added, often raises concerns from groups about privacy and civil liberties. I understand those concerns, but I also think that people just don’t understand the underlying threat of cyber security in today’s society. And it isn’t just the average citizen or advocacy groups that should be worried about privacy. Companies and organizations central to keeping the country running are lax about cyber security issues.
For example, Q1 Labs and the Ponemon Institute revealed a study last month that showed that more than 75 percent of global energy organizations surveyed admitted to having suffered at least one data breach over the last 12 months.
The survey, “State of IT Security: Study of Utilities & Energy Companies,” also found:
- 77 percent of the global energy organizations surveyed state that compliance is NOT a priority.
- 71 percent say C-level does not understand/appreciate security.
- 76 percent of the global energy organizations surveyed have suffered one or more data breaches over the course of the last 12 months.
Said Tom Turner, senior vice president of marketing and channels at Q1 Labs:
Gone are the days, when the only security concern was attack by land, air or sea. Today with cyber security requirements and demand for continuous monitoring, our critical infrastructure needs the ability to ensure compliance with IT security policies, establish new benchmarks and generate continuous, real time reporting to protect themselves against an attack.
This is why we need to pay attention to cyber security. In my opinion, the president’s legislation to Congress is long overdue.