The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, Retail, Financial Services, Healthcare, Higher Education, Payments, and Government.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts.


Cyber Security Legislation

October 04, 2012, Rick Dakin, CEO, Co-founder and Chief Security Strategist



Every October, the National Cyber Security Alliance sponsors National Cyber Security Awareness Month, and a growing number of businesses and institutions are joining the chorus. The White House got in on the act, too, with this Presidential Proclamation.

To celebrate the month, Coalfire will be blogging on topics of interest to our customers and business partners, and we invite you to join the discussion. This first post is an update on cyber legislation.

In late July, the national cybersecurity bill sponsored by Senators Joseph Lieberman and Susan Collins was blocked in the Senate by a filibuster, with a vote of 56-42. This White House-backed bill would have regulated and protected privately owned critical infrastructures such as water systems, public utilities and chemical plants.

The U.S. Chamber of Commerce is vehemently opposed to this legislation and has stated it believes it's too much government interference in the free market. Conversely, several major corporations supported the adoption of this legislation, including Cisco, EMC, Microsoft, Symantec and the Silicon Valley Leadership Group. Senator Lieberman has publicly stated he plans to press this legislation forward, and we hope that he does.

Why does this matter? As leaders in the IT GRC industry, we believe there needs to be a national set of cybersecurity guidelines to protect America's critical infrastructure from malignant threats. While this legislation may not be perfect, it's important that we start somewhere, and we expect this heated debate to continue. The Senate has already received letters in support of this legislation from General Keith Alexander, the chief of the United States Cyber Command and the director of the National Security Agency, as well as Martin E. Dempsey, the Chairman of the Joint Chiefs of Staff.

It is easy to see why these informed cyber warriors would be pressing for increased protection of our critical infrastructure. When I asked my friends in the US Cyber Command what they are protecting, the response was surprising. They responded with, "Who said anything about defense?" Let there be no mistake: the art of war has shifted to cyber space. We do not yet have a cyber Pearl Harbor, but the capabilities are being developed, and some early indications are that cyber warfare is effective. We can just ask our friends in Iran how a piece of malware called Stuxnet derailed their plans to enrich uranium for use in nuclear warheads. The response by Iran and others was immediate: they each started their own offensive cyber warfare units. With both capability and intent, the United States should carefully consider the impact of targeted cyber attacks as part of a broader tool for foreign policy.

On September 18, Senators Coons and Blumenthal called upon President Obama to convene an inter-agency group to develop voluntary private sector digital safeguards to protect our critical infrastructure. At Coalfire, we support this measure and believe it would be a solid step forward until legislation is achieved.

We need to move beyond the shortsighted old line industry barriers and help our economy move forward into a new generation of Cloud-based services. The United States is well positioned to lead this migration into mobile applications for entertainment, business, and government. If we act quickly to secure our critical infrastructure, the United States will become the only "safe" place to host online commerce and government communications. We can either invest in the type of projects that led to the Interstate Highway System or let our early technology lead be squandered. If our electric grid is disrupted or our transportation systems become inoperable, our ability to host new mobile services is greatly diminished.

Can you imagine China hosting our Electronic Health Records or India becoming the home for mobile commerce services? If we act now, we will accelerate our lead in secure online services and protection of critical infrastructure, which provides a wave of opportunity to the next generation of entrepreneurs and enables them to innovate on an infrastructure that is truly reliable and, for the first time, truly protected from cyber attack. This is not just a Cybersecurity bill; it is a JOBS bill.

What do you think? Please post your comments below so we can continue the dialogue. Find more information on the legislation here:

