With a new proposal that would require federal agencies to get permission from the Office of Management and Budget to opt-out of implementing specific cybersecurity practices— encryption of sensitive information and multifactor authentication—Sen. Ron Wyden, D-Ore., and Rep. Lauren Underwood, D-Ill., are challenging the status quo in cybersecurity policy.
“To secure our nation’s infrastructure, we must prioritize that federal agencies are adhering to the best cybersecurity practices,” Underwood, the new chair of the Committee on Homeland Security’s subcommittee on cybersecurity, infrastructure protection and innovation said in a press release of the bill’s introduction. “I’m pleased to join Senator Wyden to introduce this timely legislation.”
The generally accepted theory in U.S. cybersecurity policy centers on risk management and the idea that because there are limited resources and variations in system designs and functions, each entity must decide for itself where and how to focus its protection efforts.
The National Institute of Standards and Technology’s 2013 cybersecurity framework is at the heart of this. It references a host of security controls,…
