UPDATE: The House Permanent Select Committee on Intelligence passed the Cyber Intelligence Sharing and Protection Act (CISPA) this afternoon. The vote was 18 in favor and two (Adam Schiff (D-CA) and Jan Schakowsky (D-IL)) against. For more information, read The Hill.
The last 24 hours have seen two important Washington developments on the cybersecurity front.
Senator Rockefeller's Letter to the SEC
We've been discussing the Securities and Exchange Commission's Cybersecurity Guidance since it was issued last year (including here just Monday). Yesterday, Senator Jay Rockefeller (D-WV) sent a letter to the SEC, urging newly confirmed Chairman Mary Jo White to issue more authoritative guidance in order to encourage publicly traded companies to detail their cybersecurity risks and what steps they are taking to mitigate the threats.
The Senator's letter said, “Investors deserve to know whether companies are effectively addressing their cyber security risks — just as investors should know whether companies are managing their financial and operational risks,” the letter said. “Formal guidance from the SEC on this issue will be a strong signal to the market that companies need to take their cyber security efforts seriously.”
The Senator’s letter is part of a rapidly growing trend to hold companies, and ultimately their board of directors, responsible for both oversight and making such disclosures. The question is, are companies and their board of directors paying attention?
President Obama's Budget -- More $$$ for Cybersecurity
The second development came later yesterday when President Obama unveiled his 2014 budget proposal. The 2014 budget specifically allocating billions for funding of research and development and specifically to the Departments of Homeland Security, Commerce and Justice, for programs aimed at identifying and mitigating cyberthreats.
In his budget proposal, the President said, “Cyberthreats are constantly evolving and require a coordinated and comprehensive plan for protection and response...As we continue to see across the nation, no sector, network or system is immune from penetration by those who seek to make financial gain, to perpetrate malicious and disruptive activity, or to steal commercial or government secrets and property.”
The budget proposal can be seen as the President putting the money behind his statements regarding the importance of addressing cyberthreats in his State of the Union address as well as the recent Cybersecurity Executive Order.