Two experts are saying the bill could allow many companies to avoid regulation entirely or drag out the process for up to eight years before they would actually have to improve their computer security.
The legislation would limit the number of industries subject to regulation to those in which a cyberattack could cause "an extraordinary number of fatalities" or a "severe degradation" of national security.
"So an individual infrastructure owner, such as a rural electricity provider, has no responsibility under this title if it can show that an undefended cyberattack would only cause an ordinary number of fatalities?" said Stewart Baker, in testimony prepared for the committee's hearing on the bill Thursday. "How many dead Americans is that, exactly?"
Baker, a former assistant secretary at the Department of Homeland Security who is now with the law firm of Steptoe & Johnson, and James Lewis, a cybersecurity expert and senior fellow at the Center for Strategic and International Studies, said the bill takes important steps toward improving computer security.
But they said the measure has been weakened by corporate and other interests who argued against any attempt at regulation.
By using "terms like mass casualties, mass evacuations, or effects similar to weapons of mass destruction, we are essentially writing target lists for our attackers," said Lewis, also in prepared testimony. "They will attack what we choose not to defend."
The legislation is intended to ensure that computer systems running power plants and other essential parts of the country's infrastructure are protected from hackers, terrorists or other criminals.
The Department of Homeland Security, with input from businesses, would select which companies to regulate, and the agency would have the power to require better...
Source: http://www.mobile-tech-today.com/story.xhtml?story_id=82211
cool kitchen gadgets cool new gadgets cool office gadgets usb cool spy gadgets coolest gadget watches
কোন মন্তব্য নেই:
একটি মন্তব্য পোস্ট করুন