OIRA’s 30th Anniversary

The thirtieth anniversary of OMB’s regulatory review office, OIRA (the Office of Information and Regulatory Affairs), was celebrated on Friday, May 20th. The event was sponsored by Susan Dudley, a former OIRA Administrator, who presently heads the George Washington University Regulatory Studies Center.

Virtually all former Administrators and Deputy Administrators made presentations, including Jim Tozzi, the first Deputy Administrator of OIRA.

The Bureau of National Affairs reports:

Jim Tozzi, the first deputy administrator of OIRA, said the institution gives a protective shield against the wholesale dismantling of regulatory agencies, which play an integral role in society.

Federal agencies uncertain how to respond to ‘cloud first’

From: FierceGovernmentIT

Security remains the largest concern to public cloud adoption among government and higher education officials, according to an online survey of 646 information technology professionals.

The survey, sponsored by Quest Software and conducted by Norwich University’s School of Graduate and Continuing Studies, has a margin of error of 3.85 at the 95 percent confidence interval. Concern over security was by a significant margin the largest worry; 50.5 percent of survey participants chose it as the biggest barrier to public cloud adoption.

FCC Small Business Cybersecurity Roundtable Highlights Importance of PRA Compliance

The FCC hosted a Cybersecurity Roundtable focused on small businesses. In his remarks, Chairman Genachowski explained that it is “vital that small business be in the cybersecurity equation” and that “small businesses that don’t take protective measures are particularly vulnerable targets for cybercriminals.”

The Chairman also noted that “Congress has also been actively considering legislative proposals that would include increased information sharing between the government and private sector.”

White House Proposes Federal Cybersecurity Regulation of Private Sector

The White House has formally unveiled its anticipated cybersecurity legislative proposal.  As expected, a key component of the plan is for authority to regulate the cybersecurity defenses of major industries including the financial industry, the power grid and transportation networks.

As the White House explains, the thrust of the private sector regulatory proposal would involve the use of third-party certification of cybersecurity plans.

Critical infrastructure operators would develop their own frameworks for addressing cyber threats. Then, each critical-infrastructure operator would have a third-party, commercial auditor assess its cybersecurity risk mitigation plans. … In the event that the process fails to produce strong frameworks, DHS, working with the National Institute of Standards and Technology, could modify a framework. DHS can also work with firms to help them shore up plans that are deemed insufficient by commercial auditors.

FERC Seeks Regulatory Authority Over Private Sector Cybersecurity

Editor’s Note:  The following article from Congressional Quarterly discusses FERC’s interest in obtaining statutory authority to regulate electrical utilities’ cybersecurity for protection against natural disasters as well as other threats.  FERC’s comments reflect part of a growing, broad-based federal interest in regulating private sector computer network defenses.

FERC Looks for New Authority in Cybersecurity Legislation

By CQ Staff
Congressional Quarterly Homeland Security
May 9, 2011

In the debate over cybersecurity legislation, the federal government’s authority to regulate private sector security practices has been a central point of debate. As various Senate panels try to come to agreement over a comprehensive bill, the Federal Energy Regulatory Commission is saying it needs its enhanced ability to protect the networks controlling electrical grids from potential electromagnetic pulses from solar flares and other causes.