On March 28th, 2012, Nicole Blake Johnson reported for the Federal Times on recent comments by CyberComm/NSA head Gen. Keith Alexander. Specifically, the General testified that critical infrastructure owners are not even taking simple steps, such as installing updates and patches, to ensure basic cybersecurity. Given that, the General recommended that privately owned critical infrastructure should come under federal cybersecurity standards. The General also argued that privately owned critical infrastructure "should be required to report cyber attacks to the government."
Those proposals should sound familiar. The Federal Times article noted that both proposals showed up in the CSA, the more regulatory version of cybersecurity legislation introduced in the Senate.
You can find the Federal Times source article here.
***
On March 27th, Kim Zetter reported for Wired on the NSA's ambitions within private networks. Notably, Gen. Alexander reiterated that the NSA does not want "to be lurking in private networks monitoring data for threats." However, the NSA would be willing to share malware signatures with private industry under the greater onus of "information sharing."
Jason Healey (for The Atlantic) had previously suggested that the NSA share its malware signatures.
William Snyder
Video of General Keith Alexander’s testimony to the Senate Armed Services Committee on March 27, 2012, can be viewed at http://www.senate.gov/fplayers/jw57/urlMP4Player.cfm?fn=armed032712&st=1515&dur=11539