Cybersecurity legislation raises concern about data security proposals
Over the past several months, two Senate committees have examined and approved legislation to provide the federal government more oversight over critical infrastructure. However, combined with other data security proposals, there are concerns over the degree of government’s role in regulating the security of private networks.
The Senate Homeland Security and Governmental Affairs Committee and the Commerce Committee have approved separate bills intended to strengthen and coordinate the security of federal civilian and critical infrastructure networks. The goals of each proposal are similar, but the locations of the new oversight responsbilities are different. The Homeland Security Committee would place the operational center for civilian cybersecurity within the Department of Homeland Security (DHS) and establish a permanent Office of Cyberspace Policy within the White House. The second proposal by the Commerce Committee would place the cybersecurity office within the White House. What are similar are new requirements on private organizations. The initiative would propose a baseline set of security requirements and require private-sector operators of critical infrastructure to report major breaches.
Additional data security legislation is also gaining attention in Congress that would require the Federal Trade Commission to require each person engaged in interstate commerce that owns or possesses certain electronic data to establish security policies and procedures. As each piece of legislation moves through Congress, questions still remain how the two policies would align. Several committee hearings are expected during the coming months that will consider the appropriate public policy necessary to secure cyberspace.