Wow, just when you though big government was someone else's problem
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Sun Apr 5 08:13:05 UTC 2009
On Sat, 04 Apr 2009 16:16:24 +0530, Suresh Ramasubramanian said:
> Do you by any chance get to go work on sensitive government networks
> without, say, a security clearance?
What the draft actually says:
SEC. 7. LICENSING AND CERTIFICATION OF CYBERSECURITY PROFESSIONALS.
(a) IN GENERAL. - Within 1 year after the date of enactment of this Act, the
Secretary of Commerce shall develop or coordinate and integrate a national
licensing, certification, and periodic recertification program for
cybersecurity professionals.
(b) MANDATORY LICENSING. - Beginning 3 years after the date of enactment of
this Act, it shall be unlawful for any individual to engage in business in the
United States, or to be employed in the United States, as a provider of
cybersecurity services to any Federal agency or an information system or
network designated by the President, or the President's designee, as a critical
infrastructure information system or network, who is not licensed and certified
under the program.
A few thoughts:
1) Somebody's going to make a mint of money doing certification testing.
2) Somebody's network is going to be left flapping in the breeze because
their provider didn't get certified in time.
3) It's interesting that "providers of cybersecurity services" have to be
licensed, although others who do security-relevant work on the system/net don't
have to be - nor do they define what a "provider of cybersecurity services" is.
So - quick show of hands: If you have a net that this applies to, do you know
which of your engineers do/don't need a cert? ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20090405/4e201c7a/attachment.sig>
More information about the NANOG
mailing list