Industry concerned about DHS standards on cybersecurity

Published 23 June 2010

Private cybersecurity companies worry that too-stringent cybersecurity laws and regulations could have a detrimental impact on private sector innovation; “The government needs to be very careful about imposing too much of a top-down standards process,” said McAfee vice president of government relations Tom Gann; “We need to bring products to market very quickly. They need to make sure we can get latest technology”

Imposing tough government cybersecurity standards could have a detrimental impact on private sector innovation, according to officials from the network security firm McAfee. McAfee officials told Hillicon Valley on Friday that they support the cybersecurity bill recently introduced by the Senate Homeland Security and Governmental Affairs Committee but are concerned about DHS imposing stringent, static cybersecurity requirements on private sector companies.

“The government needs to be very careful about imposing too much of a top-down standards process,” said McAfee vice president of government relations Tom Gann. “We need to bring products to market very quickly. They need to make sure we can get latest technology.”

The Hill’s Gautham Nagesh writes that Gann said information technology standards developed by private industry are often more effective because they apply internationally and can adapt to technological changes more rapidly than government institutions. He warned that standards could quickly become out of date thanks to the “cyber arms race” between hackers and the institutions they attempt to penetrate.

“We tend to do best when those standards are first and foremost developed in private sector because we can move faster,” Gann said. “[Standards] need to continually evolve. Government needs to be sensitive to the rapid pace of innovation in the technology sector.”

The bill also includes an overhaul of the Federal Information Security Management Act (FISMA), the last piece of legislation aimed at overhauling the government’s cybersecurity. The law has been criticized for its focus on paper-based reporting and compliance rather than active monitoring of networks.

McAfee director of federal business development Tom Conway praised the bill, calling it a comprehensive approach to protecting both government networks as well as private sector assets deemed critical to national security.

The bill “clearly further empowers the White House to drive cybersecurity initiatives across the government,” Conway said, adding that it also gives DHS a larger role in implementing those initiatives. He praised the legislation’s emphasis on public-private sector partnerships and said it represented a step forward in the federal debate over cybersecurity.