RE: Cybersecurity Act Of 2009

The new US gubment wants its hands in everything it can get. As for 'us
security folks' it might mean you'll have to get a cert to work, but how many
already have to get security clearance, etc... to work on a base or for the
government? It'll just be procedural BS anyway, can't imagine it being highly
technical.

Steve Means
Security Instructor/Consultant
smeans_at_ccbootcamp.com
CCBOOTCAMP - A Cisco Learning Partner
877.654.2243 Toll Free
+1.702.968.5100 Direct Outside the USA
+1.702.446.0357 Fax
YES! We take Cisco Learning Credits
Training And Remote Racks: http://www.ccbootcamp.com
<http://www.ccbootcamp.com/>

________________________________

From: nobody_at_groupstudy.com on behalf of Joe Astorino
Sent: Tue 4/14/2009 9:45 AM
To: CCIE R/S, Groupstudy
Subject: OT: Cybersecurity Act Of 2009

I received this at work today, and thought you all might be interested as
well. Kind of interesting, kind of scary in my opinion. I suppose this will
lead to another CCIE track "CCIE cybersecurity" LoL .... yikes.

Here's a link to an interesting piece of legislation in the US: The
'Cybersecurity Act of 2009'

Take a look at section 7, 'Licensing and certification of cybersecurity
professionals', Section 2 'FINDINGS', and Section 18 'CYBERSECURITY
RESPONSIBILITIES AND AUTHORITY'

link: http://www.opencongress.org/bill/111-s773/text

Section 7 discusses licensing of Cybersecurity professionals.

SEC. 7. LICENSING AND CERTIFICATION OF CYBERSECURITY PROFESSIONALS.
(a) IN GENERAL- Within 1 year after the date of enactment of this Act, the
Secretary of Commerce shall develop or coordinate and integrate a national
licensing, certification, and periodic recertification program for
cybersecurity professionals.

(b) MANDATORY LICENSING- Beginning 3 years after the date of enactment of this
Act, it shall be unlawful for any individual to engage in business in the
United States, or to be employed in the United States, as a provider of
cybersecurity services to any Federal agency or an information system or
network designated by the President, or the President's designee, as a
critical infrastructure information system or network, who is not licensed and
certified under the program.

In my opinion, licensing could apply to personnel working on non-government
projects which are deemed "critical infrastructure" by the Federal
Government.

Additionally, another important aspect of this bill is a definition critical
infrastructure and who will control it:

SEC. 2. FINDINGS.
(9) According to the February 2003 National Strategy to Secure Cyberspace,
'our nation's critical infrastructures are composed of public and private
institutions in the sectors of agriculture, food, water, public health,
emergency services, government, defense industrial base, information and
telecommunications, energy, transportation, banking finance, chemicals and
hazardous materials, and postal and shipping. Cyberspace is their nervous
system--the control system of our country' and that 'the cornerstone of
America's cyberspace security strategy is and will remain a public-private
partnership'

SEC. 18. CYBERSECURITY RESPONSIBILITIES AND AUTHORITY.
The President-
(2) may declare a cybersecurity emergency and order the limitation or shutdown
of Internet traffic to and from any compromised Federal Government or United
States critical infrastructure information system or network;

The definitions critical is where the difficulties will be and as of today
public-private sectors have fairly distinct boundaries which may soon change.

"He not busy being born is busy dying" -- Dylan

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.7 (MingW32) - WinPT 1.2.0

mQGiBEY2qu8RBAD0E7Ydspmpn9/rRfd614pvDaqj4GKAUeWpc8NNJ3xNU9C5TAKg
Ta/52f2DvxgPlw6m7W66AJP0HZODw2ameQ9tNMrz3upKRA+ISFaqkJa99UOTdLGC
W/HtHWZNUJDopBHm3j/TBAAhI0EWvcNIudbHx5zYY4osfDNMaIXYaySwIwCg61Db
RuST/K0PlSUFK9o6AqTmrcsD/ReQLYK/OEzZBQsPBqMD68ADtdYyIA3VZ7nhWCzc
YODiBl36XIskcwyVAnU9YXs/Hf96MfI1R2fvYGW8jJ4WHb3wT1JxgiUG4rUbA2L3
doxNseggGrKC31njFynVuOpdd/TRfsqzV3Yv5MGFPkNG3w/AoiRtwoMZFUtAox3j
EWbBA/4mYkTKS/Rfgpv7QQHj4ajCHsTL/JNSN8LARwbBomUFdJ+0xdNdr7Ax1zC4
FEUfP0plRMLMypKPSNYzlIF8dKGwW2I8hUMfQpmIBA4BXBE0/mbv21lU2AzTkvb1
FssbIzhCkx3mMzESgYIwnnNkJBatTfFqKOxGm//G7s2y1eFPsrQnSm9lIEFzdG9y
aW5vIDxqb2VfYXN0b3Jpbm9AY29tY2FzdC5uZXQ+iGAEExECACAFAkY2qu8CGwMG
CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRAb4dzwEzSi9chbAKCTz89zl4etDIdD
Hewo7LNEmfT8uQCgmbneQqTT5VyIEx75nG5KzJh2K2m5Ag0ERjaq7xAIALgM2fwR
tuhRNrwvkYFXTA5grAnnhGqFXPfLt5YlU86QLdu3Z9WJcAAHck1HMCUxdm0gZyNu
q5XQnmr76dbWjftQ+mxYAdhZGjjGV1OQyjfyUoLbxyR0jvaLUTFvMmtxFsHpJvEc
VLscWZUvjPbpcg/BH8EWbDUSCJc70EZMW6TpjyL+1Eq6+n4KB+IWDnn603U3vYFj
ExVfg2CqTIzC/mxAGQ/lg1ujKBnL/VemGpjZzL8jyYVLhAtASTWnwuaL1Sf2kCYh
fApP+06YxkQ39BrJmi7Dg6s5zeRu4le57kPLVAGK0ZYRbaq5asAi9Ni5j/ZLdh/b
F3oUgAOTPQtqbi8AAwUH/1n9jpOXRX7LsfsI5K4gVhHYPUYuy5WuRRxJZ6Y1JbOq
UfePLg+cutaxE8RAvEY1VZvNTvEt7UYPoA3qR3lb4IzLqJimbbKGhhVdHIOYLGnz
nxiwfo4S+my9GEYKLb3iHIR1DCfihhDryVlFYGAMCPNh0w2sNSSenP4cZBuD6V1J
QLitW9aZoURMvtFYU8aO/BlZ7hVlRVNU5juwwAM5t2n2gBeRhMthaAR7OApDypvB
1TM+BeSDchieEAFNkX4leSMbFgP3CJmAXMJXKj8MQmsR8gdccUHGplGFI6IzNklm
L/eWLdhAZsM+LsAo4MpoJzPoQyFIH7wmIPm4b/z7YZmISQQYEQIACQUCRjaq7wIb
DAAKCRAb4dzwEzSi9XiWAKCdDtdnTW9X/6rHxQL/obNiZsEtEwCgrlmYisNacJyf
74k/eLaYWYqu7YI=
=8HMA
-----END PGP PUBLIC KEY BLOCK-----

Blogs and organic groups at http://www.ccie.net <http://www.ccie.net/>
Received on Tue Apr 14 2009 - 13:50:28 ART