02 Jul 2009

Federal CyberSecurity License proposal

“systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitation impact on security, national economic security, national public health or safety, or any combination of those matters.” The Patriot Act of 2001 identified a number of critical infrastructures: Agriculture and Food; Water ; Public Health; Emergency Services; Government; Defense Industrial Base; Information and Telecommunications; Energy; Transportation and Shipping; Banking and Finance; Chemical Industry and Hazardous Materials; Post; National monuments and icons; Critical Manufacturing If the guidelines of the Critical Infrastructure Information Act of 2002 is any indicator, larger implications may lead to the license stipulating mandatory reporting by all CyberSecurity Professionals of all information, including reports, assessments, analyses, and unevaluated intelligence (i.e. whether or not such information has been analyzed)The text of section 7 of the Senate Bill proposal 773 as Introduced in Senate May 29, 2009 reads as such:

Cybersecurity Act of 2009

Sec. 7. Licensing and certification of cybersecurity professionals: (a) IN GENERAL- Within 1 year after the date of enactment of this Act, the Secretary of Commerce shall develop or coordinate and integrate a national licensing, certification, and periodic recertification program for cybersecurity professionals (b) MANDATORY LICENSING- Beginning 3 years after the date of enactment of this Act, it shall be unlawful for any individual to engage in business in the United States, or to be employed in the United States, as a provider of cybersecurity services to any Federal agency or an information system or network designated by the President, or the President’s designee, as a critical infrastructure information system or network, who is not licensed and certified under the program. ]]>