Cybersecurity Bill: Too Little, Too Late?

Last week, the Congressional Committee on Science, Space, and Technology announced that it unanimously approved H.R. 2096, the Cybersecurity Enhancement Act of 2011, a bill that coordinates research and related activities conducted across federal agencies to better address evolving cyber threats.

“By strengthening agency coordination and cooperation on cybersecurity research and development efforts, this bill will help address the comprehensive cybersecurity needs of the nation,” said Committee Chairman Ralph Hall (R-TX). “This is a good bill, and it represents an important step in Congress’s overall efforts to address cybersecurity issues.” 

Cybersecurity R&D is currently shared by several federal agencies, many under the jurisdiction of the Committee, the announcement said. This bipartisan bill primarily addresses efforts at the National Science Foundation (NSF) and the National Institute of Standards and Technology (NIST).

“Today’s hackers are no longer thrill-seeking teenagers,” said Rep. Michael McCaul (R-TX), one of the bill’s co-sponsors, in the announcement. “They are organized crime syndicates and national militaries that commit espionage. From thousands of miles away, increasingly sophisticated foreign adversaries are electronically infiltrating sensitive U.S. computer networks to obtain military technologies.”

According to the Committee, H.R. 2096 requires increased coordination and prioritization of federal cybersecurity R&D activities and the development and advancement of cybersecurity technical standards. Anyone who follows the ongoing battle between criminal hackers and legitimate enterprises realizes that better coordination among federal agencies is vital to fighting cyber-crime on a national and international level. This is a positive step, but—like many things we see from Congress—a baby step on a journey where giant steps are desperately needed.

As Rep. McCaul suggests, modern cyber-criminals and unfriendly governments are operating on a very sophisticated level to steal money and data—or to create havoc—in the government and corporate systems we have all come to depend upon in the U.S. Certainly, we want to coordinate our taxpayer-funded efforts to fight this. Beyond that, however, I’m not sure what having cybersecurity technical standards does to stop cyber-crime, unless it refers to all agencies being on the same page, which I heartily endorse.

Nevertheless, this bill amounts to the same thing as telling a group of five-year-old T-ball players to “play nice,” but providing no instruction on the basics of baseball and no equipment to play the game. We need a lot more than this if we hope to make headway in cybersecurity. We need a dedicated and well-funded federal agency that does nothing else but defend our interests in the cyber-world and that continues to evolve new security methods and solutions—just as criminals continue to come up with new ways to steal and cause problems.

Insurance and financial services are industries that are closely linked with government and corporate enterprises, so we can ill afford to tolerate ineffective measures when it comes to the security of the data that is our lifeblood.

One positive about the new bill is that it also “strengthens cybersecurity education and talent development and industry partnership initiatives,” says the Committee. There is a definite need to develop talented individuals who will devote themselves to defending our nation’s government and corporate systems. There is also a need, however, to provide a place for these individuals to ply their trade.

Much will hinge on the fuzzily-defined “public-private cooperation” hinted at in this bill. Unless we are serious about funding this effort and sticking it out for what will likely be many years to come, our efforts amount to little more than using a shot glass to bail water from a sinking ocean liner.

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.
