TRENDING:

The Public Eye with Eric Chabrow

Feds Can Secure IT Without New Law

The Only Thing You Need from Congress is Money Eric Chabrow (GovInfoSecurity) • September 17, 2010    
Feds Can Secure IT Without New Law

One of the prime authors of the E-Government Act and the Federal Information Security Management Act, former Rep. Tom Davis, say there's no great need for Congress to pass comprehensive cybersecurity legislation this year.

Davis, a northern Virginia Republican who left Congress two years ago, says in an interview that there's a lot the White House can do to improve the safeguarding of the federal government computers and networks without the need for new legislation:

"The administration wants to act and make this a priority, the only thing you need from Congress is money. So, there is nothing to stop OMB (Office of Management and Budget) or an executive board or something from taking this and ordering the bureaucracy: 'This is what we do.'"

The White House is moving forward without legislation. For example, earlier this year Federal CIO Vivek Kundra and White House Cybersecurity Coordinator Howard Schmidt directed federal agencies to move to continuously monitor their IT systems, a major component in some cybersecurity bills before Congress to update FISMA, the law that governs federal IT security compliance.

What Davis says would require legislation - besides appropriations bills - are measures involving the government in the securing of IT systems controlled by the private sector. To get business to cooperate with government to protect privately owned IT, Congress would need to enact legislation to exempt businesses from elements of the Freedom of Information Act, loosen tort liability rules and limit pretrial discovery, Davis says. Simply, he says, businesses might need to expose corporate secrets with the government to improve IT security and they don't want others to see and use them.

"The private sector will be very reluctant to share information if it's readily discoverable, either by competitors or by trial bar. ... Nobody is going to share their information with government if some trial lawyer is to get out there and pop off when some data was potentially breached. "

These are matters lawmakers and their staffs have struggled with and still need to resolve. The likelihood of any bill to pass this year that provides FOIA waivers, eases tort liability and limits e-discovery is a long shot.



About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.