A Senate bill is underway that would allow the U.S. Department of Homeland Security to require that companies maintain a certain level of computer security in an effort to thwart potential cyber attacks.
According to an Associated Press (AP) news report this week, the legislation is intended to ensure computer systems that run power plants and other essential infrastructure networks are protected from terrorists, hackers, or other criminals.
The bill is gaining a lot of attention from companies that oppose such regulation, citing cost and privacy issues, and from security specialists who say it doesn’t go far enough to protect the nation’s vital networks, such as water and power plants. As much as 85 percent of America’s critical infrastructure is owned and operated by private companies, AP reports.
Under this bill, AP says Homeland Security would not regulate industries that are under the authority of an agency, like the Nuclear Regulatory Commission, that already has jurisdiction over cyber issues.
FC Poll: Cyber Security Still Not A Priority for Many
In a recent Flow Control trendlines poll, only 5.3 percent of respondents said their company has “robust cyber security.” The poll shows 15.8 percent of respondents work for companies that have not started planning for cyber security. Another 26.3 percent were in the planning phase and 31.6 percent were in the early-implementation phase. Further, 21.1 percent responded that they “don’t know what Stuxnet is.”
While the Senate is expected to introduce its comprehensive cyber security bill as early as today, the House is drafting legislation that would offer incentives rather than create regulations for owners and operators of vital systems, according to a Bloomberg Businessweek report.
In this approach, companies could be awarded tax breaks for good cyber security practices or offered liability protection from civil or criminal lawsuits, according to the Businessweek report.
Businessweek says House leaders have not said when the legislation would be up for vote.
As reported in the January issue of Flow Control, since the Stuxnet computer worm attack in 2010, vendors like Siemens have launched aggressive product development initiatives to introduce software solutions to help prevent similar cyber attacks. Stuxnet became the first known cyber attack on an industrial process, targeting Iran’s nuclear program by shutting down centrifuges at a uranium enrichment facility.
Entities like ISA Security Compliance Institute and Wurldtech are also working to help develop standards for certifying equipment that provides a certain level of cyber security protection, according to Joel Langill, cyber-security specialist, trainer, and founder of SCADAhacker.com.
For a further look at cyber security and industrial control systems, read “Is Stuxnet Dead?” in the January issue of Flow Control here.