U.s Senators Introduce Bill For Improving Cyber Security Awareness

By Author: eccuni
Total Articles: 211
Comment this article

Recently, a bill aimed at improving public awareness on cyber security was introduced in the U.S Senate. The bill titled "Cyber Security Public Awareness Act of 2011" was sponsored by Senators Sheldon Whitehouse and Jon Kyl. The bill has subsequently been referred to the Committee on Homeland Security and Governmental affairs. Information technology plays a crucial role in effective functioning of the industry, armed forces, critical infrastructure and national security systems. The bill emphasizes the threats posed by cybercriminals, terrorist organizations and external powers to the economic and national security of the country. The sophisticated threats make consumers vulnerable to data theft and fraud.

Cyber-attacks result in substantial losses for businesses. Cyber-attacks are expected to grow in sophistication and pose further risks for the country. Therefore, cyber security awareness assumes high significance. However, public awareness on cyber security is currently very low. The bill highlights that only a small portion of cyber security information is made available to the public by government departments. The ...
... bill accentuates the need for making available unclassified cyber threat reports to the public.

The bill intends to remove the impediments in improving public awareness on cyber security. The bill requires Department of Homeland Security and Department of Defense to submit separate reports on major cyber incident and aggregate statistics of breaches targeting networks of executive agencies and defense departments respectively. The reports must also provide insights on the risk of cyber sabotage. The reports must be unclassified, but may include classified annexure to protect national security.

The bill requires the Attorney General (AG) and Director of Federal Bureau of Investigation (FBI) to submit a report on investigations and prosecutions related to cybercrime, the number and description of delayed cases, sentences imposed, and the number of employees, financial and other resources devoted in the fight against cybercrime. The reports must be annually updated. The country faces shortage of cyber security experts qualified in IT degree programs, computer forensics, system administration, network administration, security audit and incident management among others.

The Department of Homeland Security (DHS) must submit a report on policies and procedures for Federal agencies to assist private sectors firms to safeguard their information infrastructure. The Securities and Exchange Commission (SEC) has to submit a report on the extent of financial risk as well as legal liability caused to issuers of security due to cyber intrusions and other cybercrimes. The report must also indicate whether the financial statements of the issuers reflect the described risk. The bill defines the primary regulators for each sector and requires them to submit a report on the nature and state of vulnerabilities to cyber-attacks in the respective sectors, prevalence and seriousness of cyber-attacks, steps to diminish attacks and relevance of the concept developed by Defense Industries Base for cooperation with private sector partners on cyber security and information assurance.

The bill requires DHS to enter into a contract with a federally funded research organization, which must prepare and submit report on possible technical improvements, creation of a secure domain, technologies for scanning and detecting cyber threats. E-learning programs, seminars, training sessions and online IT degree programs could help security professionals in keeping abreast of latest threats and security mechanisms.

The AG has to submit a report that provides insights on the relief provided by courts in relation to botnets and other cyber security threats. The report must also recommend improvements in rules of civil and criminal procedure, training facilities and resources required to support Federal judiciary, capabilities of courts as well as improvements in federal civil and criminal laws.

Public awareness on cyber security threats could facilitate people in making informed decision to safeguard computer systems and networks. Online IT courses on cyber security, advertisements, e-flyers, video tutorials and blogs could be used to improve awareness. The proposed Act strives to remove impediments in enhancing public awareness on cyber security.

The DHS has to submit a report on legal and other impediments in enhancing public awareness on cyber security. The report must provide insights on nature and extent of damage caused by cyber threats, minimum security standards and availability of commercial technologies to meet such security requirements. The report must highlight plans to improve public awareness, metrics for testing the efficacy of public awareness campaigns and recommend congressional actions for removing impediments.
All the reports must be submitted to the Congress within 180 days of the enactment of the proposed Act and updated annually.