Congress is getting ready to head out for its August break and Washington is going into its summer slumber period, but some exciting cybersecurity-related news is coming from the nation’s capital during this waning legislative period. The House of Representatives has passed legislation that would strengthen the Department of Homeland Security’s (DHS) efforts to protect the country’s critical infrastructure from potential cyber threats.
According to the legislation, DHS would have to come up with a strategy to quicken cyber defense technologies. Also, what’s being called the Homeland Security Cybersecurity Boots on the Ground act, which according to ExecutiveGov, would “mandate that the department establish a cybersecurity occupations classification system.”
Also, DHS is doing even more to take a stand on cybersecurity, according to Politico:
The Department of Homeland Security is getting behind a private-sector initiative to promote awareness of cyber-risks, adding a handbook produced by the National Association of Corporate Directors to the list of cybersecurity self-help tools publicly available under its Critical Infrastructure Cyber Community Voluntary Program. The goal is to help America’s executives understand not only what the risks are, but also how to address them.
With all of the conflict happening in the world today, maybe it seems like cybersecurity isn’t the most important thing that Congress or DHS should be focusing on. But as Tom Bain, senior director of marketing and security strategy at CounterTack, told me in an email:
The DHS Report underscores the need for enterprises to continue taking immediate steps to keep the bad guys out and the corporate network running. Aside from the obvious damage done to a company’s brand, each breach could cost tens of millions in lost IP. And for Fortune 500 companies the stakes are higher. If the hackers are having a free-for-all inside a corporate network unbeknownst to the IT administrator and SOC, then there-in lies a bigger problem. Today, companies can beat adversaries at their own game by incorporating elements of stealth detection and full attack/event capture to better understand their methods and what will stop them in their tracks. Organizations should also look at how they are protecting endpoints (laptops, servers, desktops, mobile devices) and understand that they are often weak links in any network, based on the data that exists there, but also by virtue of user behavior which is often ill-advised.
As I’ve said many times before, we have to start somewhere to get the nation’s leaders—whether they walk the hallways of Congress or Wall Street—to do a better job addressing cybersecurity. I agree with what Todd Feinman, CEO with Identity Finder, said to me in an email. According to Feinman, the DHS Report isn’t likely to reveal anything earth shattering, but it will reinforce the need for retailers, hospitals, banks and global enterprises to think less about the convenience of remote and virtual offices and to think more about how to better protect sensitive and proprietary data. But, he added:
It is clear that we live in a world where it is no longer a matter of if, but when an attack will get through. Blocking every type of attack is ideal but unrealistic. Enterprises need to put more emphasis on knowing where the most sensitive data that thieves want to steal is located and minimizing access to it.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba