Should the DHS Regulate Cybersecurity for Key Private Businesses?

Building on legislation already in place, the U.S. Senate is set to vote on critical legislation that would give the Department of Homeland Security (DHS) the power to regulate the cybersecurity efforts of privately owned companies, such as utilities and chemical plants for example, that are critical to our national infrastructure or that could be attacked and compromised. Lawmakers are set to vote on the bill within the next two weeks.

Some opponents of the democrat-led legislation point to the DHS’ failings in beefing up physical and cybersecurity at the nation’s chemical facilities, according to a recent story by www.federaltimes.com. Called the Chemical Facility Anti-Terrorism Standards (CFATS), the program has suffered from unstable leadership, inadequate training, and poor hiring practices. And while those who oversee the DHS program claim improvements are being worked on, it is a sign of the inability of the government agency to adequately oversee such projects.

The Republican-led coalition has proposed a competing bill that would not give DHS any extra powers and would promote a more voluntary approach on information sharing of any perceived cyber threats by using existing partnerships between private companies and the government. Some feel that the DHS might overstep its regulatory boundaries and possibly even have an impact of “free-market forces.”

Others feel that giving the DHS regulatory control would stifle the implementation of innovative advances in cybersecurity, as well as putting a heavy burden on private businesses to comply. According to DHS officials, the bill would not require companies to submit their cybersecurity plans, and on-site inspections would only occur in certain cases. It would be more a question of whether a company had secured its critical networks and not one of how it had been accomplished. Companies would also have to self-certify, according to the legislation, or get a third party to do so.

For more information about potential DHS cybersecurity legislation, visit: http://www.federaltimes.com/article/20120320/IT03/203200303