Senate Takes More Action
Late last year the US Senate voted overwhelmingly to pass CISA, the Cybersecurity Information Sharing Act. That piece of legislation requires organizations to share cyber information between private entities and various government agencies in an effort to reduce the impact of breaches to digital systems. Coming on the heels of CISA, members of the Senate introduced S-2410, The Cybersecurity Disclosure Act of 2015. This bill seeks to require organizations to disclose the cybersecurity expertise of the members of the Board which advises and guides the organization.
The purposes of this bill are manifold. First, it increases public (stakeholder) awareness of the importance of cybersecurity in the defense of the digital assets of the organization. It also nudges the Board to increase the cyber knowledge base within the Board through education or the requirement that new members possess some level of cyber knowledge and understanding. It also prompts the Board to review the status of the security of the organization's digital systems and to ensure that due diligence is being exercised in the protection of those assets. Recent action by the Federal Trade Commission (FTC vs Wyndham Worldwide Corporation) indicates how seriously the government is taking cybersecurity in the private sector.
One of the ongoing problems with cybersecurity is the lack of awareness that is too often seen in the C-Suite and at the ‘Board’ level. Strategic issues often take much of the Board members' time, and cybersecurity is far too often given only passing thought. Getting organizations to pay attention and take the issue seriously is a step in the right direction.
The National Cybersecurity Institute and Excelsior College have been at the forefront in providing quality training and education for all levels in an organization. Aside from the valued degrees and certificates that are offered, NCI and Excelsior offer specific training for the ‘C-Suite’ that enlightens members and increases their awareness of the troubling issues related to cybersecurity.
S-2410 seeks to increase the transparency of organizations and make stakeholders more aware of the competency of those who advise the organization in which they have a vested interest. As the threat of cyber breaches continues to escalate, stakeholders need to be reassured that those in the upper echelons of administration and their advisors are aware of the issues, and competent to deal with them. S-2410 seems a step in the right direction.