Create an Account
username: password:
 
  MemeStreams Logo

CyberSecurity Bill - Professional Certifications appear to be off the table

search

Decius
Picture of Decius
Decius's Pics
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Decius's topics
Arts
  Literature
   Sci-Fi/Fantasy Literature
  Movies
   Sci-Fi/Fantasy Films
  Music
   Electronic Music
Business
  Finance & Accounting
  Tech Industry
  Telecom Industry
  Management
  Markets & Investing
Games
Health and Wellness
Home and Garden
  Parenting
Miscellaneous
  Humor
  MemeStreams
Current Events
  War on Terrorism
Recreation
  Cars and Trucks
  Travel
Local Information
  United States
   SF Bay Area
    SF Bay Area News
Science
  Biology
  History
  Math
  Nano Tech
  Physics
Society
  Economics
  Politics and Law
   Civil Liberties
    Internet Civil Liberties
    Surveillance
   Intellectual Property
  Media
   Blogging
Sports
Technology
  Computer Security
  Macintosh
  Spam
  High Tech Developments

support us

Get MemeStreams Stuff!


 
CyberSecurity Bill - Professional Certifications appear to be off the table
Topic: Miscellaneous 8:15 am EST, Feb 17, 2012

The draft of the Cybersecurity legislation circulated last year included a number of troubling provisions, such as the requirement that any computer security professional working on "critical infrastructure" obtain a government approved professional certification, and a bizarre provision providing that the President could disconnect privately owned "critical infrastructure" from the Internet.

The new draft of the bill does not seem to include either of these provisions. Its a long bill and I have not read it carefully. Its possible that the certification provision is in there somewhere and I missed it, but in looking over the text, I don't see it there. You can click through the link at the bottom of this article and check for yourself.

The professional certification requirement is problematic because it would turn the practice of computer security into a very heavily regulated profession. The certification requirement would provide a back door mechanism through which certain classes of people, such as those who don't have a relevant college degree or those who have been convicted of a crime, could be legally excluded from practicing the profession (regardless of individual circumstances). Frankly, you are not going to get the best and brightest cybersecurity minds to sit through certification retraining three times a year, and so this would lead to brain drain away from critical infrastructure protection and into other roles that are not as heavily regulated.

Supporters of this requirement like to raise the fact that DOD requires certifications. There is a substantial difference between any employer (albeit large) requiring certifications, and the government requiring employers to require certifications through a federal law.

I am glad this provision is gone. What remains does not appear to be too much of a pill to swallow.

CyberSecurity Bill - Professional Certifications appear to be off the table



 
 
Powered By Industrial Memetics
RSS2.0