The draft version of the comprehensive cybersecurity bill could give the Homeland Security Department the ability to take “any lawful action” against contractors if their systems are under attack.
Bob Dix, a former staff director for the House Oversight and Government Reform Committee and now vice president government affairs and critical infrastructure protection for Juniper Networks, said that could mean taking over a vendor’s system that contains federal data.
“There’s some concern about what would be the criteria about that and how it would be the government has the ability under a provision of lawful action to take over a system used by an agency even if it’s owned by a contractor,” Dix said. “I am worried about the notion that suggests the government would have the authority under law to be able to take over systems of contractors if they view them as having vulnerabilities even if only a small percentage of that is government utilization.”
The provision Dix is talking about is in Section 3553 of the bill’s Federal Information Security Management Act (FISMA) Reform section.
via Federal News Radio, continued here.