Will RSA Breach Spur Congress into Action?

Sue Marquette Poremba

It seems like everybody is talking about the RSA breach that occurred last week -- including members of Congress.


Senator Susan Collins (R-Maine) said the RSA attack is an "urgent" sign for Congress to pass comprehensive cybersecurity legislation, according to an article on The Hill website. She added that it is a reminder that the federal government's cybersecurity infrastructure is just as much at risk as the private sector. The article quoted Collins:


Congress needs to fundamentally reshape how the federal government works collaboratively with the private sector to address all cyber threats, from espionage and cyber crime to attacks on the most critical infrastructure. The need to pass comprehensive cyber security legislation is more urgent than ever.


I believe it was a matter of ironic timing that the RSA breach was announced at the same time that Congress was in the midst of hearings and discussions on the need for strong cybersecurity legislation. According to Federal Computer Week:


Top Senate staff members have been in discussions for several weeks, working to parse language from at least two separate cybersecurity bills that were introduced but not passed in the previous Congress, while senators have just joined the talks.


In addition, the director of information security issues in the Government Accountability Office (GAO) told a House homeland security subcommittee that the time has come for Congress to heed the GAO's recommendations on cybersecurity issues. An article at DefenseSystems.com stated:


"The federal government continues to face significant challenges in protecting the nation's cyber-reliant critical infrastructure and federal information systems," said Gregory Wilshusen, GAO's director of information security issues.


Initiatives that have been introduced as ways to improve cybersecurity by GAO but have not been fully implemented include:


  • 24 near- and midterm recommendations in President Barack Obama's cybersecurity policy review of 2009. Although recommendations are being implemented, they could take years to complete.
  • Updating the national strategy for securing the information and communications infrastructure.
  • Developing a comprehensive national strategy for addressing global cybersecurity and governance.
  • Finalizing cybersecurity guidelines and monitoring compliance related to electricity grid modernization, being developed by the National Institute of Standards and Technology.
