Proposal Would Shore Up Government Cyber Defenses
Brian Krebs writes on Security Fix:
While cyber attacks have evolved dramatically since the beginning of this decade, the regulations governing how federal agencies defend against digital intruders haven't been updated since 2002. Legislation expected to be introduced Tuesday in the Senate would seek to correct that imbalance. More here.
The "U.S. Information and Communications Enhancement Act of 2009," which would update the Federal Information Security Management Act, or FISMA, calls for the creation of hacker squads to test the defenses of federal agency networks. In addition, agencies would be required to show that they can effectively detect and respond to the latest cyber attacks on their information systems.
Critics of the current law say it merely requires agencies to show they have the proper cyber security policies in place, but not necessarily demonstrate that those policies are helping to block or mitigate real-world attacks.
"Only about five federal agencies are testing to see whether they are actually implementing these requirements," said Alan Paller, director of research for the SANS Institute, a security training group based in Bethesda, Md. "Agencies need to be measured on how well they block known attacks, and that's the opposite of what they're measured against now, which is how secure they are on paper."