Well before “cybersecurity” became the topic of the day on a national scale, Jim Lewis was tracking it. Since coming on board the Center for Strategic and International Studies in 2001, Lewis has made cybersecurity his main focus. So, with all the talk — and unanswered questions — about the 60-day cybersecurity review upon us, what will the next 12 months bring? Here Lewis offers his take on the administration’s current and future response to cybersecurity, legislatiive initiatives in the works, and what private industry needs to do — now — to be part of the cybersecurity solution.

EB: A lot is going on with federal cybersecurity. What do you think the next 12 months will bring?

Jim Lewis: Several things will affect what the federal government does.  First, most people know about the 60-day cybersecurity review being led by the White House to come up with a national plan. Second, three bills on the legislative agenda could help shape cybersecurity: the Rockefeller-Snow bill; Senator Carper’s rewrite of FISMA; and Senator Feinstein’s Data Breach Notification Bill. At least one of those bills will make it through, maybe two.

EB: Are you pleased with these legislative proposals? Any provisions that give you pause?

Jim Lewis: All of these bills are strong, and if they pass the country would be better off when it comes to network security. There are controversial parts — like the “big red switch” provision of the Rockefeller-Snow bill, but on the whole they have created the national debate we need but haven’t had before.

Read the rest of this entry »