Industry Expert: New Cyber Legislation Could Create Disincentives

Larry Clinton, Melissa Hathaway

The Obama administration’s new cybersecurity proposal could create counterincentives against better private-sector cybersecurity, according to Larry Clinton, president of the Internet Security Alliance.

Released last month, the White House proposal mandates that the parts of the private sector that operate critical infrastructure would be audited using a range of performance standards. The audits would be publicly available, FierceGovernment IT reported.

However, Clinton said the new framework does not take into consideration the evolution of cybersecurity and the stealthy nature of certain threats.

Today’s threats “go into your system and they hide,” he said, speaking before a June 24 House Homeland Security subcommittee on cybersecurity, infrastructure protection and security technologies. Businesses need incentives to be on the lookout for malware, without the disincentive of publicly published audit results.

The harder a company looks for a problem, “the more likely they are going to be named and shamed for finding it, we’ve created exactly the wrong incentives,” he said.

Clinton also recommended a federal revolving fund to stimulate growth of cyber threat insurance. Today, the federal government absorbs all the risk of a major cyber event, he said, and in the event of a web-based attack taking down a major part of the infrastructure, Congress would be stuck with the bill.

During the hearing, Melissa Hathaway, president of Hathaway Global Strategies and former White House cyber official, criticized the White House proposal for the regulatory role over industry cybersecurity it could create for the DHS.

“Inserting DHS into a regulatory role in this context dilutes its operational and policy responsibilities and likely distracts from the nation’s security posture,” she said.

