Congress to address important cybersecurity initiatives

or intrusions

  • Mitigation and recovery methodologies, including techniques to contain attacks and develop resilient networks and systems that degrade gracefully
  • Infrastructure and tools to support cybersecurity R&D efforts, including modeling, testbeds and data sets for assessment of new cybersecurity technologies
  • Technologies to reduce vulnerabilities in process control systems
  • Test, evaluate and facilitate the transfer of technologies associated with the engineering of less vulnerable software and securing the software development lifecycle
  • The bill also sets aside $500,000 to be allotted next fiscal year to study:

    • Liability that subjects software and system vendors and system operators to potential damages for system breaches
    • Required reporting of security breaches that could threaten critical societal functions
    • Regulation that imposes under threat of civil penalty best practices on system operators of critical infrastructure
    • Certification from standards bodies about conformance to relevant cybersecurity standards that can be used as a marketplace differentiation
    • Accounting practices that require companies to report their cybersecurity practices and postures and the results of independently conducted red team simulated attacks or exercises
    • Cybersecurity risk insurance

A third research project in the bill would have DHS working with national security and intelligence agencies to determine if the government-owned communications and information systems essential to the U.S. electronic grid have been compromised. Research would explore the extent of any compromise; identity of any attacker; method of penetration; ramifications of such compromise on the operation of the electric grid, society and national security, including war-fighting capabilities; and recommended mitigation action.

No dollar amount was specified, meaning DHS can appropriate necessary money from the overall amount granted in the appropriations bill, which is nearly $2.28 billion, as written.

NIST realignment

Chabrow writes that on 21 April, meeting in the Rayburn House Office Building, Science and Technology’s Subcommittee on Technology and Innovation will mark up a bill that is still being drafted to realign the laboratory structure at the National Institute of Standards and Technology.

Likely, the bill would follow the outline NIST director Patrick Gallagher provided at a subcommittee hearing last month, in which he testified that the ten NIST laboratories would be realigned to emphasize specific missions to improve service delivery.

Gallagher said the problem with the current structure is that most of NIST’s ten labs emphasize managing their research portfolios and not disseminating their research to government agencies and businesses, which diminishes NIST’s responsibility.

The realignment of the laboratories isn’t seen as having a significant impact on the Information Technology Lab. In fact, the IT Lab is being held up as a model of what other NIST labs could become. For instance, with its multidisciplinary approach, the IT Lab addresses a wide range of missions including cybersecurity, health IT and voting technology. Now, elsewhere in NIST, some expertise could be spread among several labs.

Combating cyber crime and identity theft

At that same morning hour, across the Capitol grounds in the Dirksen Senate Office Building, the Senate Judiciary Committee will hold a hearing entitled Combating Cyber Crime and Identity Theft in the Digital Age. Its chief witness will be Assistant Attorney General Lanny Breuer, who heads the Justice Department’s criminal division. Also scheduled to testify are Ari Schwartz, chief operating officer of the Center for Democracy and Technology; Vincent Waefer, vice president of Symantec Security Response; and Otis Kerr, George Washington University Law School professor who has expertise in cyber crime.