Category Archives: Cybersecurity Act of 2012
My views toward government towards intrusion over free use of the internet tend toward the libertarian. However, I absolutely recognize the risks posed by ongoing threats to our national security by having a weak internet security infrastructure. These weaknesses are not limited to government owned information systems. Through contracts with the government, many private firms also possess vital security information on their information systems as well, not to mention financial institutions through which more and more of our own individual private and business information contained. Not only is information at risk, but the ability to exploit weaknesses in our internet infrastructure could have the effect of severely damaging the world wide web, which we have become so accustomed to, and often take for granted.
The Cybersecurity Act of 2012 calls for the Department of Homeland Security (DHS) to assess risks and vulnerabilities of computer systems running at critical infrastructure sites such as power companies and electricity and water utilities and to work with the operators to develop security standards that they would be required to meet.
The DHS would determine which companies fit the definition of critical infrastructure as defined by systems “whose disruption from a cyber attack would cause mass death, evacuation, or major damage to the economy, national security, or daily life.”…
Owners or operators of critical infrastructure systems would need to determine how to best meet performance requirements and to verify that that they were doing so, with owners having the ability to either “self-certify” compliance or use a third-party assessor.
As time goes on, the need becomes more and more urgent. NATO has been conducting exercises in Estonia related to cyber attacks. Estonia, which has strongly embraced internet technology, was the subject of a almost devastating cyber attack four years ago, which is why NATO has maintained its cybersecurity operations there.