Four Cybersecurity Bills Pass Congress

While the Sony hack has dominated cybersecurity news the past few weeks, there was some other news concerning actions taken by the United States Congress on this front. In a little reported move, the 113th Congress in its waning days passed four (4) cybersecurity- related bills:
  • The Cybersecurity Act
  • The National Cybersecurity Protection Act
  • The Border Patrol Agent Pay Reform Act
  • Cybersecurity Workforce Assessment Act
4 cybersecurity bills pass congress

The Cybersecurity Act allows the Obama administration to start writing new voluntary standards for industry to use to prevent attacks on critical infrastructure like power grids.

The National Cybersecurity Protection Act requires the Department of Homeland Security’s National Cybersecurity and Communications Integration Center to start sharing information on potential threats with private companies, who bear the brunt of most cyber attacks.

The Border Patrol Agent Pay Reform Act also includes language authorizing DHS to boost the pay and benefits of new recruits focused on cybersecurity issues.

And the Cybersecurity Workforce Assessment Act requires the secretary of homeland security to determine how to bolster the cybersecurity workforce across the sprawling department.”

According to the Hunton & Williams Privacy and Information Security Law Blog, these bills, “(1) clarify the role of the Department of Homeland Security (“DHS”) in private-sector information sharing, (2) codify the National Institute of Standards and Technology’s (“NIST”) cybersecurity framework, (3) reform oversight of federal information systems, and (4) enhance the cybersecurity workforce.”

Screen Shot 2014-12-23 at 2.44.28 PM

The President is expected to sign these four pieces of legislation, which represents the first time that Congress has passed and sent major cybersecurity legislation to the White House in 12 years.

IoT Security Threats: Know and Prepare for Thy Enemy

The Internet of Things (IoT) is widely regarded as the third and most significant wave of the Internet. It  promises some amazing advancements in literally every industry, from healthcare to energy, to smart cities and smart homes, that will impact us all in ways we have yet to imagine.

As I’ve discussed before, however, IoT also presents new challenges to cybersecurity and privacy. It isn’t a question of if there will be negative IoT impacts, but when, how severe and how pervasive will those negative impacts be.

Untitled

It’s in that regard then that I share this article by Network World’s Colin Neagle.

5 IoT security preps

In his post earlier this week entitled, “5 ways to prepare for Internet of Things security threats,” Neagle recommends the following to prepare for the inevitable IoT cybersecurity challenges before us:

  • Don’t underestimate the security impact of the Internet of Things
  • IT and operations need to communicate when buying, deploying smart devices
  • Keep track of software updates for smart devices
  • Educate end users on the risks
  • Educate IT on the nuances of the IoT

All are helpful, but perhaps none more than the first. Understanding and comprehending what an organization is up against – and what is at risk – is the cornerstone to safely leveraging and operating in the IoT marketplace.

To be honest, it reminds me of something I learned in grade school: students don’t plan to fail, they fail to plan. It will be the same with enterprise and IoT. Successful organizations will not only have the vision to leverage IoT solutions and drive profitability for themselves and their clients, but those organizations will also recognize IoT threats coming around the bend and will prepare ardently and diligently for them, in response.