Data Security & Privacy

Proposed Legislation Highlights U.S. Government’s Lack of Centralized Control Over Cyber-Infrastructure

A reported issued last week by the U.S. Congress stated that Chinese cyber-warfare is capable of posing a “genuine risk” to U.S. national security.  Foreign governments are capable of launching a non-conventional war that could cause a “catastrophic” failure of systems and networks supporting critical infrastructure, factories, and databases.  Categorizing a cyber-attack as an “act of war” is a term of art that could have serious implications for small and large businesses alike.  Specifically, if a business owner/victim tries to make a claim on their general liability insurance policies.  Under most insurance policies, “Acts of War” are exclusionary terms that prevent insurance companies from having to pay-out on any claims made by their insureds.

In response to this report, two legislative bills were introduced into the U.S. Senate – one by Senators Joe Lieberman (I – Connecticut) and Susan Collines (R – Maine), and the other by Senator John McCain (R – Arizona).  The Leiberman-Collins Bill would give the federal government greater authority to regulate security used by companies that run the nation’s critical infrastructure.  The Department of Homeland Security would be responsible for establishing minimum requirements on companies whose products and services could lead to massive systems failures.  However, some experts argue that the Department of Homeland Security is not qualified, nor does it have the capabilities, to undertake such a directive. 

Currently, the U.S. Secret Service and Federal Bureau of Investigations investigate and prosecute cyber-crimes (in cooperation with the Department of Justice); The Central Intelligence Agency and National Security Agency provide analysis on potential attacks, and have recently created a Cyber-Command group; Homeland Security receives reports on security breaches, but has no authority to compel businesses to implement better procedures; and the Federal Trade Commission handles consumer protection affairs.  Those same experts agree that broadening the scope of an agency’s authority is key to adequately addressing the vulnerabilities of our nation’s cyber-infrastructure.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.