Cybersecurity has been a major concern for federal agencies for over a decade. Because attacks have grown in both frequency and sophistication, keeping up with them has been a great challenge for federal agencies. To help federal agencies fulfill their responsibility of protecting cyberspace, several revisions to current law have been proposed to increase information security in cyberspace (Fischer, 2013). The proposed legislation focuses on areas such as protecting privately held critical infrastructure, cybersecurity information sharing among private and government entities, protection of federal systems, reform of the Federal Information Security Management Act (FISMA), the cybersecurity workforce, and research and development.
Regarding protection of privately held critical infrastructure (CI), the proposal requires the Secretary of Homeland Security to perform a risk assessment on each sector and use the assessment results to prioritize designation of private-sector CI entities, determine the security requirements necessary for protecting them, determine any additional regulations necessary for protection, develop those additional regulations in consultation with the entities involved, and enforce the developed regulations (Office of Management and Budget, 2014). The proposed regulations also require CI owners and operators to certify their compliance annually; failure to do so will attract civil penalties. Compliance is based on self-assessments or third-party assessments.
Effective protection of information systems has been hindered by several barriers to sharing information about possible threats, vulnerability to attack, and other key issues in cybersecurity. Revisions to the law have been proposed to reduce such barriers (Office of Management and Budget, 2014). These proposals include creating entities for information sharing, establishing provisions for sharing classified information, establishing authority for information sharing between federal agencies and private-sector entities, limiting disclosure of shared information, limiting the government's use of shared information to specified purposes, limiting liability for information sharing, and providing liberties protections.
Proposals were also made on Department of Homeland Security (DHS) authorities for the protection of federal systems (Fischer, 2013). It was proposed that DHS's current role in cybersecurity be formalized. Furthermore, some proposals were made regarding reform of FISMA, such as continuous requirements for agency-wide information security as well as requirements for continuous monitoring of agency systems. Other proposed topics include revision of current cybercrime law, requirements for data breach notifications, and the establishment of bills authorizing defense-related cybersecurity.
Safeguarding information sharing in cyberspace can be achieved by implementing most of the proposed revisions. Sharing vital information about vulnerability to attack, types of attack, and threats is the main tool for ensuring cyberspace security. Therefore, the proposal that should be prioritized is eliminating barriers to information sharing. Once those barriers are eliminated, there will be an effective, timely, and cost-effective way to share vital cybersecurity information across all sectors, including the private sector (Fischer, 2013). This will give federal agencies an easier task in ensuring security across all sectors. Developing cybersecurity regulations and introducing penalties for noncompliance is also vital in fighting cybercrime. Relevant and strict regulations and requirements should be put in place so that all sectors follow practices that do not make them vulnerable to cybercrime. Furthermore, a reform of FISMA is also essential.
The current FISMA involves a lot of paperwork and intensive accreditation requirements, making it difficult for most sectors to comply with. Currently, only federal agencies and private contractors related to federal agencies comply with FISMA. Under FISMA requirements, information sharing is not allowed with noncompliant agencies (Office of Management and Budget, 2014). This has created an obstacle to information sharing between federal agencies and most private agencies. Reforming FISMA so that it moves away from a paperwork-heavy framework and focuses mainly on continuous security monitoring will improve both cybersecurity and compliance.
References
Federal Information Security Management Act of 2002 (FISMA), 44 U.S.C. §§ 3541-3549.
Fischer, E. A. (2013). Federal Laws Relating to Cybersecurity: Overview and Discussion of Proposed Revisions. Washington, D.C.: Congressional Research Service. 7-5700; R42114. (Focus on FISMA provisions.) https://fas.org/sgp/crs/natsec/R42114.pdf
Office of Management and Budget (2014). Annual Report to Congress: Federal Information Security Management Act (FISMA) 2014. Washington, D.C. https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/egov_docs/fy_2013_fisma_report_05.01.2014.pdf