Effective laws? (Score 2, Interesting)
While I applaud the Senators' efforts to assist in securing cyberspace, historical efforts to legislate cyber-security have not proven effective. (That was tough to say with a straight face.) To wit, examine the Government's own record: Currently all federal agencies are required to follow strict guidelines/policy, yet the average info-security grade given by OMB for FY2007 was a C-. How far would you get in life if your average grade was a C-? I'd guess the average Slashdotter had better than a 1.7 average.
Further, they seem to think that if NIST establishes "measurable and auditable cybersecurity standards", then all will be right with the world. NEWSFLASH - The Fed already has that for the entire GOV, and while many agencies have improved, it has not been shown to be the panacea they intended. According to OMB's report out 3 weeks ago (go to page 9), the DOD, the agency with the most important security concerns and highest risk (and consequently the most stringent InfoSecurity program), is failing miserably.
Funny, if you read the FISMA top page, it refers to 'cost-effective' security programs, but nowhere does it mention effective programs...
New legislation is not the answer - holding people accountable is. [to keep this relatively short I'm not going to expand on this - you know how to find the laws]
As one previous poster noted, a bunch of us posting here is not going to change anything. So, I will end this with a call to action for all Slashdotters - write a letter to your Senator and Congressman and let them know (using clear, thoughtful words) that this is an f'ing stupid idea and that they should not support it.