Compliance and security consultant and TechTarget contributor Kevin Beaver checked in about the Cybersecurity Act of 2009, aka the kill-switch bill.
He agrees with some other experts I’ve talked to about some key points in the proposed legislation that would mandate that only certified security professionals be allowed to work on critical cyber infrastructure.
In addition, the increased regulation of security professionals is spreading, with a few unintended consequences. As he wrote in a recent email:
The same thing is being debated in the computer forensics field right now. Just like any other degree (i.e., M.D.), license (i.e., P.I. [private investigator], cybersecurity wizard, etc.), or certification (i.e., CISSP) — not a single one of them means you’re all of a sudden going to know your stuff and provide quality services.
What it’ll end up doing is limiting the number of professionals in the field. The politicians will then have more “control.” But, the law of unintended consequences has shown time and again that, long term, this will likely serve to create nothing more than a monopoly consisting of substandard security professionals. Everyone suffers.
Ironically, several government agencies are vying for control of cybersecurity, or rather vying not to control it, as it is too big a job for one agency. By my count, four agencies — the Department of Defense, the National Security Agency, the Department of Homeland Security and the Commerce Department — are in the mix, and now we have the proposed White House cyber office that would be created under the Internet Communications Enhancement Act.