Tuesday, July 16, 2013

Senate Bill Orders NIST to Develop Cybersecurity Best Practices

16 July 2013

Following President Obama’s executive order to work on information sharing to thwart cybersecurity threats, the Senate Commerce Committee has issued a draft bill that directs the National Institute of Standards and Technology (NIST) to develop voluntary standards for cybersecurity best practices.

Spearheaded by Committee chairman Jay Rockefeller (D-W.Va.) and ranking member John Thune (R-S.D.), the bill as written is fairly non-controversial, unlike previous public-private information-sharing bills like the Cyber Intelligence Sharing and Protection Act (CISPA), which died in the Senate after passing in the House.
It will require that NIST’s standards: be voluntary; be developed in close and continuous coordination with industry; not conflict with or duplicate existing regulatory requirements; incorporate voluntary consensus standards and industry best practices and align with voluntary international standards; and be technology neutral.
The bill also sets forth that the federal government should support “cutting edge research, increase public awareness and improve our workforce to better address cyber threats.”
Earlier in the year, the Senate also introduced a proposed law to thwart espionage, called the Deter Cyber Theft Act. Also a bipartisan measure, that bill aims to protect the fruits of billions of dollars in research and development from spies – both homegrown and state-sponsored.
Introduced by Sens. Carl Levin (D-Mich.), Jay Rockefeller (D-W.Va.), John McCain (R-Ariz.) and Tom Coburn (R-Okla.), the Deter Cyber Theft Act would require the Director of National Intelligence to compile an annual report on foreign economic and industrial espionage, including a priority watch list of the worst offenders; a list of companies and countries engaging in theft; a list of US technologies or proprietary information targeted by such espionage and, to the extent possible, a list of such information that has been stolen and what it’s been used for; and actions taken by the DNI and other federal agencies to combat industrial or economic espionage in cyberspace.
The legislation, most importantly, would also require the president to block import of products containing stolen US technology, those made by state-owned enterprises of nations on the DNI’s list that are similar to items identified in its report as stolen or targeted, and any products made by a company the DNI identifies as having benefited from theft of US technology or proprietary information.

