Without any notable opposition to the Senate’s version of the bill, the House agreed to a reorganization of the Cybersecurity and Infrastructure Security Agency (CISA) Act earlier this week, according to FCW.
Replacing the National Protection and Programs Directorate, the new agency will oversee the cybersecurity of federal computer systems and will be a government liaison on cybersecurity issues with critical infrastructure providers, such as banks, hospitals and airports.
“This is just a new sign and a lick of paint on another DC bureaucracy. CISA is focused on securing federal infrastructure as a part of the Bush-era Frankenstein’s Monster DHS, so they will continue to spend vast amounts of money on systems, while 91% of attacks will succeed via phishing attacks,” said Colin Bastable, CEO of Lucy Security.
“From the perspective of protecting government departments, businesses and citizens against phishing attacks by ‘upgrading’ the security skills of the people, CISA will bring zero benefits,” said Bastable. “Effective cybersecurity requires a holistic approach, securing people and systems as part of an integrated plan. The weakest points are the people – it only takes one successful attack.”
In addition to businesses needing to defend against cyber-attacks, there is also a need for federal, state and local government departments to protect themselves and a Federal Bureau of Cybersecurity to protect people, businesses and non-federal assets, according to Bastable.
“This is a national issue: Americans treat consumer protection as a national priority, and yet cyber insecurity is treated as a fact of national life that we should somehow tolerate and accommodate,” he said. “A dedicated Federal Bureau of Cybersecurity will treat cyber insecurity as the consumer safety issue that it is, and respond with serious intent to protect Americans as voters, social media users, health insurance consumers and taxpayers.”
In order to effectively defend critical infrastructure, the government must be able to detect, respond to and recover from these types of attacks. George Wrenn, CEO and founder, CyberSaint Security, said, “As the former CSO of a global critical infrastructure organization, I’ve seen first-hand that adopting the National Institute of Standards and Technology’s Cybersecurity Framework is a robust first step in lowering the cybersecurity risk in our government agencies and critical infrastructure organizations. The focus on cybersecurity for organizations such as these is critical to our safety as a nation, and I’m pleased to see this issue enter the spotlight.”