Posted by: Stephen Wildstrom on April 1, 2009
Business expected tougher environmental, financial, and labor regulations from the Obama Administration, but it looks like the feds may be getting ready to move into a new area: the information security practices of some private businesses. As first reported by The Washington Post, legislation from Senate Commerce Committee Chairman John D. Rockefeller IV (D-WV) and Senator Olympia J. Snowe (R-Me.) would set federal security requirements for private systems that control critical infrastructure, such as the electrical power grid, and would come with enforcement powers.
The Obama Administration was consulted in the drafting of the legislation but has not yet taken a position on the planned bill. My colleague Keith Epstein reports that Rockefeller, a former Intelligence Committee chair, has been holding private meetings with Commerce members to convince them of the threat.
The move is long overdue in the view of many security experts who are concerned about increasingly sophisticated attacks on U.S. networks. But finding a federal role in regulation of private security will require resolving a long-running dispute within the government between military and civilian agencies for control of federal cybersecurity. The result would likely be a victory for the civilian side. Any federal role in regulating private security is going to be very controversial, and military involvement would make it vastly more so.