As I write this article, there are currently more than 10 different bills being evaluated in various Congressional committees, all of which address some aspect of cybersecurity.
Many of these bills are large, over-arching concepts – FISMA 2.0 and the like. But many others are being developed to address the specific risks and threats of certain types of systems, from “critical infrastructure” (generally regarded as assets associated with energy production and distribution, the food supply, and national defense), to financial systems, healthcare and pharmaceuticals, and other industries. Many of these bills – if passed and signed into law – will mandate industry-specific security controls, risk calculations, and other requirements for private organizations.