Representative Ro Khanna (D-Calif.) recently introduced cybersecurity legislation that would “mandate Congress [to] direct OMB to require cybersecurity training for federal employees and include information on the risks of Internet of Things (IoT) devices…”
On the surface, this seems like a great idea. Rep. Khanna represents a district in the heart of Silicon Valley, so if there’s anyone who knows and understands the threat landscape facing federal agencies, it’s him. Also, since people are one of the largest vulnerabilities facing federal agencies, it makes sense that Rep. Khanna would want to require cybersecurity and cyber hygiene training.
But is this an effective way to solve the problem, or just window dressing? I would argue it’s the latter – and it’s certainly not the first piece of cybersecurity legislation intended to solve this problem.
The “Promoting Good Cyber Hygiene Act of 2017” (H.R.3010) was introduced in the House of Representatives years ago. That bill would require the National Institute of Standards and Technology (NIST) to “…provide for the identification and documentation of best practices for cyber hygiene…” Much like Rep. Khanna’s bill, it will only function to give the illusion that the government is doing something to make itself more secure.
Where did this cybersecurity legislation go wrong? Let’s dive in…