Cyber Roundup (5/6): NSA/CyberComm head wants mandatory cybersecurity standards, Senate Dems considering modifying the CSA, DoD cyber teams, and natural gas companies suffer a cyber attack

A quick survey of today's cyber news . . .

***

Ellen Nakashima reported for The Washington Post on Gen. Keith Alexander's (NSA/CyberComm head) thoughts on private sector cybersecurity.  According to the article, Gen. Alexander believes that any cyber legislation should require private companies to fortify their own networks to federal standards.  The Gen. also believes that a "voluntary, market driven system" would not work considering that some critical infrastructure owners "don't have [cybersecurity] expertise" and "need government assistance." 

Those comments seem pointed towards Republican legislation in both the House and Senate; both CISPA (the House bill that recently passed) and Secure IT (Sen. McCain's bill in the Senate) lack mandatory cybersecurity standards for private industry.  Gen. Alexander's beliefs are in line with the Obama administration's proposal and the Senate Democrat's proposal. 

Interesting comment in the WashPo article: Gen. Alexander said that it is CyberComm's role to defend the nation from cyberattack.  As I understood it, CyberComm can defend DoD systems, but doesn't have the legal authority to defend private systems.  Of course, it's no secret that CyberComm and the NSA want the legal authority to defend private systems.

You can find the WashPo article here.

***

Brendan Sasso reported for The Hill on how Senate Dems are thinking about changing their cybersecurity legislation in order to gain support from Senate Republicans.  The article noted that Senate Dems currently lack the 60 votes to get their preferred bill (the Cybersecurity Act of 2012, or CSA) to the floor.  To win Republicans over, Senate Dems are apparently "open to adjusting the language" of the critical infrastructure provisions.  Most of the debate between Democrats and Republicans stems from those critical infrastructure provisions. 

***

Jason Miller wrote for FederalNewsRadio.com on how the DoD is using cyberteams for both offense and defense. 

***

Mark Clayton reported for The Christian Science Monitor on how several U.S. natural gas pipeline companies are suffering from cyberattacks.  To be clear, the companies are suffering from spear phising attacks and intrusion attempts, not Stuxnet-esque physical damage.  Most (if not all) companies suffer from intrusion attempts.  Nevertheless, the attacks have been ongoing since December of 2011,  and DHS' ICS-CERT teams have gotten involved.