Senate Bills 773, the draft Cybersecurity Act of 2009 in the US Congress, and S.778 illustrate the current policy directions under consideration and of concern to stakeholders. S.773 proposes to “ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cybersecurity defenses against disruption ….”
In addition, S.773 proposes to “ensure the continued free flow of commerce in part by providing a “cadre of information technology specialists” to improve and maintain effective cybersecurity defenses via standards to be developed by the US National Institutes of Standards and Technology (NIST) and to “enforce compliance” by “software manufacturers, distributors, and vendors” with “a national licensing, certification, and periodic recertification program for cybersecurity professionals” making it “unlawful to provide cybersecurity” to critical US infrastructure without such certification and without yet indicating which infrastructures are to be designated as critical.
S.773 and 778 are two of the dozen legislative actions directly or indirectly shaping cybersecurity policy that currently are being deliberated by the US Congress in some sense to strategically rebalance public-private partnerships and related equities for the CEO. The Conference Record to be provided to the participants will include the text of the related legislation as well as the Congressional Research Service analysis of these policies and related Government actions under consideration. There is no intent to lobby or advocate for or against any such legislation or Government actions, but rather to provide authoritative material in a convenient form to promote the public dialog.