[ISN] Proposal Would Shore Up Govt. Cyber Defenses

From: InfoSec News <alerts_at_private>
Date: Tue, 28 Apr 2009 01:12:35 -0500 (CDT)
http://voices.washingtonpost.com/securityfix/2009/04/proposal_would_shore_up_uncle.html

By Brian Krebs  
Security Fix
The Washington Post
April 27, 2009

While cyber attacks have evolved dramatically since the beginning of 
this decade, the regulations governing how federal agencies defend 
against digital intruders haven't been updated since 2002. Legislation 
expected to be introduced Tuesday in the Senate would seek to correct 
that imbalance.

The "U.S. Information and Communications Enhancement Act of 2009," which 
would update the Federal Information Security Management Act, or FISMA, 
calls for the creation of hacker squads to test the defenses of federal 
agency networks. In addition, agencies would be required to show that 
they can effectively detect and respond to the latest cyber attacks on 
their information systems.

Critics of the current law say it merely requires agencies to show they 
have the proper cyber security policies in place, but not necessarily 
demonstrate that those policies are helping to block or mitigate 
real-world attacks.

"Only about five federal agencies are testing to see whether they are 
actually implementing these requirements," said Alan Paller, director of 
research for the SANS Institute, a security training group based in 
Bethesda, Md. "Agencies need to be measured on how well they block known 
attacks, and that's the opposite of what they're measured against now, 
which is how secure they are on paper."

[...]


Received on Mon Apr 27 2009 - 23:12:35 PDT
