The Cybersecurity Act of 2012 is Dead, But Efforts to Lessen Threats Live On

Last week, the Cybersecurity Act of 2012 failed to win approval in the Senate, falling eight votes short of the required 60 to end a Republican filibuster. So what’s next?

The White House maintains that government standards would help protect critical infrastructure, and may even consider issuing an executive order. In an email to the Hill, Press Secretary Jay Carney said, “Moving forward, the President is determined to do absolutely everything we can to better protect our nation against today’s cyber threats and we will do that.”

Why the contentiousness over what should be a no brainer?

A criticized component of the proposed legislature encouraged the sharing of cyber threat information between private sectors and the government. Many businesses believe that the benefits won’t outweigh the extra effort this will require. Others feel they know how to protect their own systems better than a one-size-fits-all policy.

Norman recently hosted a series of dinners for IT and security managers of SCADA systems to discuss the potentially devastating impact of these threats. The overwhelming reaction included amazement that stricter, standardized regulations aren’t in place. However, another company’s survey of 241 BlackHat attendees indicated that 60 percent of information security professionals believe government regulation will not improve security for critical infrastructure.

While I hate clichés, when it comes to cybersecurity, protection is only as strong as the weakest link – if all the companies in a value chain have outstanding security solutions in place and just one fails to keep their systems up to date, given the amount of IP and information that is shared today, the whole value chain is at risk.

Despite the defeat, the Cybersecurity Act of 2012 called for some undeniably positive programs to provide additional training and enriched career paths for security experts. As threats become more serious, the demand for the number and quality of highly professionals will only increase. Even with the bill killed, The National Security Agency is establishing university programs, and Secretary of Homeland Security Janet Napolitano is touring universities to communicate the importance of cybersecurity expertise to potential recruits. Hopefully a new pool of security professionals who understand the need to defend against cyberattacks will benefit both private companies and federal programs.

On Wednesday, the White House indicated President Obama may follow through on his Executive Order threat.  While I’m not a fan or shortcircuiting our government’s system of checks and balances, I consider cybersecurity such a critical issue that I hope the President does follows through.

If nothing else, The Cybersecurity Act of 2012 has created a heightened awareness and focus on the threats to our critical infrastructures that businesses and federal agencies cannot ignore.  I’m hopeful that there will shortly be a better solution in place.