Cyber security bill launches in Senate

Cyber security legislation that would update laws that govern how the federal government secures its information systems as well as help safeguard vital private networks that American society depends on hit the Senate last week.

02/29/2012


ISSSourceCyber security legislation that would update laws that govern how the federal government secures its information systems as well as help safeguard vital private networks that American society depends on hit the Senate last week.

Five years in development, the Cybersecurity Act of 2012 is ready to go as threats against government and private IT systems intensify.

“Our nation’s vulnerabilities have already been demonstrated by the daily attempts by nation-states, cybercriminals and hackers to penetrate our systems,” Sen. Susan Collins, R-ME, one of the bill’s sponsors, said in a Senate speech. “The threat is not just to our national security, but also to our economic well-being.”

Collins, ranking member of the Senate Homeland Security and Governmental Affairs Committee joined Committee Chairman Joseph Lieberman, ID-CT; Senate Commerce Committee Chairman Jay Rockefeller, D-WV; and Intelligence Committee Chairwoman Diane Feinstein, D-CA, as chief sponsors of the bill.

The legislation would codify some of the authority the Obama administration has granted the Department of Homeland Security over federal civilian agency IT security and create the National Center for Cybersecurity and Communications within DHS, headed by a Senate-confirmed director, to coordinate federal efforts to battle cyber security threats facing the government and the nation’s critical information infrastructure, the mostly privately owned networks that control the flow of money, energy, food, transportation and other vital resources that the economy needs to function.

The bill would amend the Federal Information Security Management Act to require the government to develop a comprehensive acquisition risk management strategy, moving away from a culture of compliance to one of security by giving DHS the authority to streamline agency reporting requirements and reduce paperwork through continuous monitoring and risk assessment.

Penetration testing through red-team exercises would be an emphasis under the bill’s provisions as well as operational testing of systems to ensure agencies are aware of network vulnerabilities. The bill’s sponsors said the legislation would also ensure agencies make informed decisions when purchasing IT products and services by directing the Office of Management and Budget to develop security requirements and best practices for federal IT contracts.

One of the more contentious parts of the bill is one that would establish a mechanism in which the owners of the national information infrastructure would help develop cyber security standards that they would need to follow.

DHS would assess the risk and vulnerabilities of critical infrastructure systems that threaten the nation’s well-being to determine which networks must meet a set of risk-based security standards. Operators of these systems who believe their systems do not enjoy the proper designation could appeal DHS’s determination.

The bill calls for developing risk-based performance requirements, looking first to existing standards or industry practices. If a sector is sufficiently secure, there would be no need to develop new performance requirements. Under the bill, the owners of a covered system would determine how best to meet the performance requirements and then verify that it was meeting them. A third-party assessor could also verify compliance, or an owner could choose to self-certify compliance. Current industry regulators such as the Securities and Exchange Commission for the banking industry would continue their oversight.



Top Plant
The Top Plant program honors outstanding manufacturing facilities in North America.
Product of the Year
The Product of the Year program recognizes products newly released in the manufacturing industries.
System Integrator of the Year
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
June 2018
2018 Lubrication Guide, Motor and maintenance management, Control system migration
May 2018
Electrical standards, robots and Lean manufacturing, and how an aluminum packaging plant is helping community growth.
April 2018
2017 Product of the Year winners, retrofitting a press, IMTS and Hannover Messe preview, natural refrigerants, testing steam traps
June 2018
Machine learning, produced water benefits, programming cavity pumps
April 2018
ROVs, rigs, and the real time; wellsite valve manifolds; AI on a chip; analytics use for pipelines
February 2018
Focus on power systems, process safety, electrical and power systems, edge computing in the oil & gas industry
Spring 2018
Burners for heat-treating furnaces, CHP, dryers, gas humidification, and more
April 2018
Implementing a DCS, stepper motors, intelligent motion control, remote monitoring of irrigation systems
February 2018
Setting internal automation standards

Annual Salary Survey

After two years of economic concerns, manufacturing leaders once again have homed in on the single biggest issue facing their operations:

It's the workers—or more specifically, the lack of workers.

The 2017 Plant Engineering Salary Survey looks at not just what plant managers make, but what they think. As they look across their plants today, plant managers say they don’t have the operational depth to take on the new technologies and new challenges of global manufacturing.

Read more: 2017 Salary Survey

The Maintenance and Reliability Coach's blog
Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
One Voice for Manufacturing
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Maintenance and Reliability Professionals Blog
The Society for Maintenance and Reliability Professionals an organization devoted...
Machine Safety
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
Research Analyst Blog
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Marshall on Maintenance
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
Lachance on CMMS
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.
Electrical Safety Update
This digital report explains how plant engineers need to take greater care when it comes to electrical safety incidents on the plant floor.
Maintenance & Safety
The maintenance journey has been a long, slow trek for most manufacturers and has gone from preventive maintenance to predictive maintenance.
IIoT: Machines, Equipment, & Asset Management
Articles in this digital report highlight technologies that enable Industrial Internet of Things, IIoT-related products and strategies.
Randy Steele
Maintenance Manager; California Oils Corp.
Matthew J. Woo, PE, RCDD, LEED AP BD+C
Associate, Electrical Engineering; Wood Harbinger
Randy Oliver
Control Systems Engineer; Robert Bosch Corp.
Data Centers: Impacts of Climate and Cooling Technology
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
Safety First: Arc Flash 101
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
Critical Power: Hospital Electrical Systems
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me