Sunday, May 03, 2009

Proposed Cyber Law Requires Security Licensing

The Cybersecurity Act of 2009, known formally as Senate Bill 773, is best known for its radical recommendation to give the president authority to shut down parts of the Internet under cyberattack.

While well meaning, and a positive sign that the Obama administration is taking cybersecurity more seriously than his predecessor, some critics say it would activate not just an Internet kill-switch, but also a business kill-switch with burdensome licensing requirements for IT security professionals.

The issue is that businesses already struggling with resources to meet the current tangle of regulations -- SOX, HIPAA and PCI -- would have to add another to their project plans.

Section 7.a of the bill is short on details about the licensing requirement for the public sector, other than to say it would be administered by the Secretary of Commerce. It also isn't clear on whether it would be mandatory for cybersecurity professionals other than those working for the federal government.

Would a CISSP be enough for an IT security professional at private company? That remains to be seen.


Post a Comment

<< Home