May 13, 2011

White House Unveils Draft Cybersecurity Plan

The Obama administration unveiled a draft cybersecurity proposal on Thursday, saying the plan would protect the nation's critical computer infrastructure against cyberattacks.

"Our nation is at risk," said the White House in a statement.

"Cybersecurity vulnerabilities in our government and critical infrastructure are a risk to national security, public safety, and economic prosperity."

"It has become clear that our nation cannot fully defend against these threats unless certain parts of cybersecurity law are updated," the administration said.

President Obama has identified cybersecurity as a top priority of his administration, and the draft legislation is only the latest of some 50 cyber-related bills introduced during the last session of Congress.

The White House bill would require critical infrastructure such as the power, financial and transportation industries to establish plans to better protect their networks against data breaches.

"Market forces are pushing infrastructure operators to put their infrastructure online," the White House said, making it "vulnerable to cyberattacks that could cripple essential services."

The legislation would require the Department of Homeland Security to collaborate with private industry to identify "core critical-infrastructure operators" and identify the most significant cyber threats they face.

Operators of critical infrastructure would be required to develop "frameworks" for dealing with cyber threats, which would be assessed by Independent commercial auditors.

In the event a plan falls short, DHS could intervene to "shore up plans that are deemed insufficient by commercial auditors," the White House said.

The bill would also tighten the penalties for cyber crime, and would standardize numerous state laws requiring companies to report data breaches that compromise the personal data of consumers.

The proposal also details the steps the federal government can take to assist private industry or state and local governments in handling cyberattacks, and puts in place procedures to facilitate the exchange of information.

"At the same time, the proposal mandates robust privacy oversight to ensure that the voluntarily shared information does not impinge on individual privacy and civil liberties," the White House said.

The new bill also addresses the security needs of government computer networks, which are attacked millions of times each year, and formalizes the Department of Homeland Security's role in managing and defending government civilian networks.

And while the Pentagon is still responsible for protecting military networks, the legislation gives the DHS additional flexibility in hiring specialists and allows the government and private industry to temporarily exchange such experts.

The White House said it hopes Congress will act on the bill this year.

Senator Jay Rockefeller (D-WV) and Senator Olympia Snowe, (R-ME), who have introduced their own cybersecurity legislation, praised the Obama administration's proposal.

"The White House has presented a strong plan to better protect our nation from the growing cyber threat," Senator Rockefeller said.

"It establishes clear roles, responsibilities and accountability for cybersecurity in government and the private sector."

Senator Snowe said she hopes to see quick passage of comprehensive cybersecurity legislation.

"Further delay compromises our ability to better protect Americans against cyber intrusions and attacks that target our financial, commercial, transportation and communications sectors," she said.

Additional information about the administration's plan can be viewed at the White House blog.