
Tech Update Security
OPINION

Congress to lay down law on security
By Wayne Rash
February 7, 2002


Despite all of the gnashing of teeth and rending of garments regarding organized security threats over the last four months, there wasn't any substantive movement until last week, when Senator John Edwards (D-NC) introduced the Cyberterrorism Preparedness Act of 2002 (S. 1900). The Act aims to create a set of best computer security practices for the government.
This bill, if enacted, would direct the National Institute of Standards and Technology to oversee a study on best computer security practices, which would focus on ways to help prevent cyberterrorism. After the study, a set of best practices would be developed. Then there would be a recommendation as to whether contractors and grantees (people and companies that get money from the government) would be required to follow the best practices. Finally, there would be several models developed, and eventually, the best model would be implemented.
So if it's all this theoretical, why should you care? Because if this bill passes--and there's a good chance it will--you can assume you'll have to follow the prescribed best practices. Your company might not do business with the government directly, but you may work with another one that does. As a result, you could find yourself being required to use a government-approved firewall or intrusion detection system, or maybe an improved network management system. You could also be required to beef up your authentication, both of users and partners, perhaps through the use of smart cards or biometric devices to ensure that the data you're trading with your business partners is untainted by the touch of terrorists.
Of course, a company can go beyond government requirements. But companies would also find that there will probably be auditing and reporting requirements to demonstrate compliance, so it's likely that there will be more paperwork--perhaps a lot of it. It's unlikely that the US government will go to the trouble to protect itself against cyberterrorism and then not require that the companies with which it does business be protected as well. To do so would simply mean that the bad guys could attack government contractors as a way to break into the government computers and networks.
In the immediate future, this bill won't affect you much. Assuming it passes, there will be about six months while the study takes place, the preliminary best practices are announced, and the implementations are modeled in several locations in the government. Only when the final form of those practices shakes out are you likely to be affected.
So here's your heads up. While you wait for the final word, you'll have the opportunity to track the bill's progress and perhaps voice your thoughts to Congressional representatives. As you're aware, many businesses can influence impending regulations most effectively by working with their members of Congress and their Senators. But the bottom line is to make sure the Cyberterrorism Preparedness Act of 2002 stays on your radar screen. You can't afford to be oblivious to coming regulations until they drop out of the sky and land on you.