For Immediate Release
November 21, 2002
ACP PRAISES PASSAGE OF LEGISLATION TO STRENGTHEN
THE FEDERAL GOVERNMENT'S COMPUTER SECURITY
107th Congress was a "Cyber Security Congress"
Washington, DC-- - "We congratulate this Congress for not only taking concrete steps to improve the federal government's cyber security, but also for doing it in the right way." said ACP Executive Director Bruce Heiman. "The federal government decided to work with, not against, the private sector and to take advantage of rapid development and continuous improvement of cyber security products and services in the marketplace.
"Government action cannot come soon enough," added Heiman. A hearing this week by the House Government Reform Committee's Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations, chaired by Rep. Stephen Horn, again reviewed computer security in the federal government departments and agencies. Once again, the government received an overall failing grade. In fact, the General Accounting Office says that they found "significant information security weaknesses that placed a broad array of federal operations and assets at risk of fraud, misuse and disruption."
Legislation passed by the 107th Congress creating a Department of Homeland Security improves cyber security by:
- requiring all federal agencies to meet a baseline level of computer security while ensuring that the standards for such security will be technology-neutral and product-neutral;
- retaining NIST's Computer Security Division at the Department of Commerce rather than moving it to the Department of Homeland Security, thereby helping to preserve its independence;
- creating an Undersecretary for Information Analysis and Infrastructure;
- providing liability protection for companies who develop anti-terrorism technologies, goods and services, including information technology;
- establishing a "NET Guard," or volunteer teams, that would help the local communities respond and recover from attacks on information systems and communications networks;
- promoting the voluntary sharing of information about cyber security threats and solutions; and
- increasing penalties for computer-related crimes.
Congress also passed separate legislation significantly increasing authorized federal spending on computer security research. The bill (H.R. 3394), championed by Science Committee Chairman Sherwood Boehlert, authorizes $903 million over five years. Under the bill, the National Science Foundation and the National Institute of Standards and Technology would issue research grants, fellowships and internships for students. The bill also would improve undergraduate and master's degree programs in network security; and increase the number of college-level cyber security instructors. Congress also authorized NIST to provide managers in federal agencies and departments with a security checklist that they can use to best secure their systems. However, Congress specifically left it to those agencies and departments to decide which products and technologies they should use.
ACP is a broad-based coalition of more than 100 companies, 40 associations and interest groups, and 7000 individuals. ACP was formed to focus on issues at the intersection of electronic information and communications, privacy rights, law enforcement, and national security.
ACP supports policies that promote industry led, market driven solutions to critical information infrastructure protection and opposes government efforts to impose technological mandates or design standards, or to increase widespread monitoring or surveillance. ACP also supports policies that advance the rights of American citizens to encrypt information without fear of government intrusion, and led the private sector fight to lift export restrictions on U.S.-made encryption products.