Bill calls for cybersecurity best practices

Bill calls for cybersecurity best practices

Sen. John Edwards says the best practices would be tailored to specific agencies and systems.

A Senate bill introduced last month would require agencies to follow a set of best practices to guard their computer systems.

The Cybersecurity Preparedness Act, sponsored by Sen. John Edwards (D-N.C.), seeks to make the federal government a model for information security. The bill, S 1900, calls for the creation of an independent panel to identify best security practices for agencies, contractors and grant recipients.

A companion bill, the Cybersecurity Research and Education Act, would fund postgraduate research in information security and create a virtual university for CIOs.

Edwards said the bill, S 1901, is necessary in 'a world where a terrorist can do as much damage with a keyboard and a modem as with a gun or a bomb.'

Under the preparedness act, a nonprofit consortium of academic and private-sector experts would define best practices on topics such as password use and updating software patches.

The practices, tailored to specific agencies and systems, would undergo testing by the National Institute of Standards and Technology. After validation, the president would have 90 days to order their use on government systems where appropriate.

The education act would establish information assurance fellowships for doctoral students and provide equipment for teaching and research.

The estimated cost for the preparedness act is $350 million over five years, and $50 million over four years for the education act.

Edwards sits on both the Senate Commerce, Science and Transportation Committee and the Health, Education, Labor and Pensions Committee, which would consider the two bills, respectively.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above