U.S. Senate, NLC Debate Cybersecurity Policy

July 5, 2011
FedCyber Wire
No Comment

via National League of Cities

From the White House to Congress, federal leaders are looking at a range of policy options to bolster the United States’ ability to thwart Internet threats ranging from cybercrime to terrorist activity. With the White House having released a cybersecurity proposal in May and no less than three Senate committees considering legislation, there is consensus that the federal government must do more to ensure the safety of e-commerce and secure critical infrastructure from online threats.

Virtually all the proposals before Congress to bolster cybersecurity would impact cities and towns in some manner. NLC’s Public Safety and Crime Prevention (PSCP) Committee has dedicated significant time this year to considering additions to National Municipal Policy on cybersecurity concerns. Of greatest concern is the cyber threat to critical infrastructure owned by municipal governments and securing the vast amounts of sensitive electronic data most cities hold on their infrastructure, citizens and employees.

The PSCP Steering Committee has heard from a number of speakers on just how dangerous the cyber threat has become in a short period of time.

“We are working to ensure that the National League of Cities has the right policies in place to advocate for cities on what has become a serious criminal and homeland security concern,” said Committee Chairman Erich Hackney, councilmember, Lumberton, N.C.

The committee’s policy discussions on cybersecurity could not come at a more important time. In May, the administration sent Congress a comprehensive proposal on cybersecurity.

Most significantly for cities, the proposal would require the creation of critical infrastructure cybersecurity plans. The Department of Homeland Security (DHS) would collaborate with critical infrastructure stakeholders, ranging from power and water utilities to the financial sector, ensuring they are aware of the greatest cyber risks to their assets. Each critical infrastructure operator would develop a plan for addressing the threats, which would need to be certified by a third-party commercial auditor.

Continued here.