A lot of organizations, including small businesses and critical infrastructure operators, might soon get new technical security requirements from the federal government. This will probably be very costly, especially for small businesses that don't already implement the kinds of security measures that are standard for large federal contractors. I'll give a brief overview of two new efforts: a bill in the US Senate called the Cybersecurity Act of 2012 (CSA) that, if passed, will impact critical infrastructure operators, and a new federal contracting rule that's closely related to parts of CSA in its goals and technical details. Both of these efforts focus on NIST's Risk Management Framework, and if you're not already familiar with this process, now might be the time to get up to speed.
Read more at the Galois blog.