A developing US Senate plan that would bolster the government’s ability to regulate the computer security of companies that run critical industries is drawing strong opposition from businesses that say it goes too far and security experts who believe it should have even more teeth.
Legislation set to come out in the days ahead is intended to ensure that computer systems running power plants and other essential parts of the country’s infrastructure are protected. The US Department of Homeland Security, with input from businesses, would select which companies to regulate; the agency would have the power to require better computer security, according to officials who described the bill. They spoke on condition of anonymity because lawmakers have not finalized all the details.
Those are the most contentious parts of legislation designed to boost cybersecurity against the constant attacks that target US government, corporate and personal computer networks and accounts. Authorities are increasingly worried that cybercriminals are trying to take over systems that control the inner workings of water, electrical, nuclear or other power plants.
That was the case with the Stuxnet computer worm, which targeted Iran’s nuclear program in 2010, infecting laptops at the Bushehr nuclear power plant.
As much as 85 percent of the US’ critical infrastructure is owned and operated by private companies.
The emerging proposal isn’t sitting well with those who believe it gives Homeland Security too much power and those who think it’s too watered down to achieve real security improvements.
One issue under debate is how the bill narrowly limits the industries that would be subject to regulation.
Summaries of the bill refer to companies with systems “whose disruption could result in the interruption of life-sustaining services, catastrophic economic damage or severe degradation of national security capabilities.”
Critics suggest that such limits may make it too difficult for the government to regulate those who need it.
There are sharp disagreements over whether Homeland Security is the right department to enforce the rules and whether it can handle the new responsibilities. US officials familiar with the debate said the department would move gradually, taking on higher priority industries first.
“The debate taking place in [US] Congress is not whether the government should protect the American people from catastrophic harms caused by cyberattacks on critical infrastructure, but which entity can do that most effectively,” said Jacob Olcott, a senior cybersecurity expert at Good Harbor Consulting.
Under the legislation, Homeland Security would not regulate industries that are under the authority of an agency, such as the Nuclear Regulatory Commission, with jurisdiction already over cyberissues.
The bill, written largely by the US Senate Commerce, Science and Transportation Committee and the Senate homeland security panel, is also notable for what it does not include: a provision that would give the president authority to shut down Internet traffic to compromised Web sites during a national emergency. This “kill switch” idea was discussed in early drafts, but drew outrage from corporate leaders, privacy advocates and Internet purists who believe cyberspace should remain an untouched digital universe.
While the Senate is pulling together one major piece of cybersecurity legislation, the US House of Representatives has several bills that deal with various aspects of the issue.
A bill from a US House Homeland Security subcommittee does not go as far as the Senate’s in setting the government’s role. Still, it would require Homeland Security to develop cybersecurity standards and work with industry to meet them.
“We know voluntary guidelines simply have not worked,” US Representative Jim Langevin said. “For the industries upon which we most rely, government has a role to work with the private sector on setting security guidelines and ensuring they are followed.”
Stewart Baker, a former assistant secretary at Homeland Security, said the government must get involved to force companies to take cybersecurity more seriously.
Concerns about federal involvement, he said, belie the fact that computer breaches over the past several years make it clear that hackers and other governments, such as China and Russia, are already inside many industry networks.
When a hiker fell from a 55m waterfall in wild New Zealand bush, rescuers were forced to evacuate the badly hurt woman without her dog, which could not be found. After strangers raised thousands of dollars for a search, border collie Molly was flown to safety by a helicopter pilot who was determined to reunite the pet and the owner. A week earlier, an emergency rescue helicopter found the woman with bruises and lacerations after a fall at a rocky spot at the waterfall on the South Island’s West Coast. She was airlifted on March 24, but they were forced to
CONFIDENCE BOOSTER: ’After parkour ... you dare to do a lot of things that you think only young people can do,’ a 67-year-old parkour enthusiast said In a corner of suburban Singapore, Betty Boon vaults a guardrail, crawls underneath a slide, executes forward shoulder rolls and scales a steep slope, finishing the course to applause. “Good job,” the 69-year-old’s coach cheers. This is “geriatric parkour,” where about 20 retirees learned to tackle a series of relatively demanding exercises, building their agility and enjoying a sense of camaraderie. Boon, an upbeat grandmother, said learning parkour has aided her confidence and independence as she ages. “When you’re weak, you will be dependent on someone,” she said after sweating it out with her parkour classmates in suburban Toa Payoh,
Chinese dissident artist Gao Zhen (高兟), famous for making provocative satirical sculptures of former Chinese leader Mao Zedong (毛澤東), was tried on Monday over accusations of “defaming national heroes and martyrs,” his wife and a rights group said. Gao, 69, who was detained in 2024 during a visit from the US, faces a maximum three-year prison sentence, said his wife, Zhao Yaliang (趙雅良), and Shane Yi, a researcher at the Chinese Human Rights Defenders group which operates outside the nation. The closed-door, one-day trial took place at Sanhe City People’s Court in Hebei Province neighboring the capital, Beijing, and ended without a
‘TOXIC CLIMATE’: ‘I don’t really recognize Labour anymore... The idea that you can implement far-right ideas in order to stop the far right is nonsense,’ a protester said Tens of thousands of people on Saturday marched through central London to protest against the far right, weeks ahead of local elections and six months after Britain saw one of its largest far-right demonstrations. Organized by hundreds of civic groups, including trade unions, anti-racism campaigners and Muslim representative bodies, Saturday’s Together Alliance event was billed as the biggest in UK history to counter right-wing extremism. A separate pro-Palestinian march had also converged with the main rally. While organizers claimed 500,000 had turned out in total, the police gave a figure of about 50,000. Protesters carrying placards with slogans such as
RSS