White House Presses For New Cybersecurity Laws

[Jake Kouns <jkouns () opensecurityfoundation org>]

The White House is urging Congress to pass President Obama's
cybersecurity legislation in 2012 to give officials the authority they
need to combat "growing and increasingly sophisticated cyberthreats,"
according to the leading U.S. cybersecurity official.

White House Cybersecurity Coordinator Howard Schmidt called for
legislators to "modernize" outdated laws surrounding cybersecurity by
supporting the broad legislative proposal President Obama sent to
Congress in May, according to a White House blog post.

"It is our sincere hope that members of Congress will look at the
significant amount of public debate that has been occurring on these
issues--as well as the work and debate on this issue over the years in
the Congress--and continue to work in a bipartisan manner to quickly
enact legislation to address the full range of cyber threats facing
our nation," Schmidt said.

Indeed, Congress has dragged its feet for years on passing
cybersecurity legislation despite the fact that there are numerous
bills circulating, some of which call for the same regulations as the
White House plan. Congressional leaders had expressed an interest in
passing cybersecurity legislation by the end of last year but it did
not happen.

Schmidt's urging came a day after President Obama's annual State of
the Union address, in which the president mentioned the proposal as a
way "to stay one step ahead of our adversaries" by securing
cyberspace.

Laws authorizing collaboration with the private sector--which the feds
already are engaged in--are a key part of the proposal and should be
addressed in whatever Congress passes, Schmidt said.

"Legislation that fails to provide the legislative authorities our
professionals need to work with the private sector to ensure the safe
and reliable operation of our critical infrastructure networks would
not be commensurate with the very real and urgent risks to our
nation," he said.

Other aspects of the plan place cybersecurity authority more squarely
in the hands of the Department of Homeland Security (DHS)--which
already has a key role in leading federal cybersecurity efforts--and
address data breaches and privacy protections.

Specifically, Obama's legislative proposal clarifies how companies can
share information about cyberthreats with the DHS, and allows the
agency to help critical infrastructure companies with their
cybersecurity needs if the private sector wants assistance.

The DHS also would be responsible for defining risks that controllers
of the most critical infrastructure need to mitigate and require them
to provide their plans for doing so to the agency.

In terms of data breaches, Obama's legislation includes a national
standard for reporting breaches to replace 47 existing state
data-breach reporting laws. It also would toughen up minimum
punishments for cyber criminals.

The DHS also factors into the privacy-protections built into the White
House plan. The department would be required to develop privacy and
civil liberties procedures that the Attorney General would oversee and
approve, and companies that want to share information with the
government would first have to wipe it of any identifying
information unrelated to cyber threats.

There has been some opposition to the White House cybersecurity plan.
The U.S. Chamber of Commerce, for instance, worried that placing
cybersecurity requirements on critical infrastructure companies would
place an undo regulatory and financial burden on them, among other
concerns.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Small, inexpensive USB drives pose huge threats to organizations left unprotected. 
Download Chapter 1 of CREDANT Technologies eBook
Data Protection to the Rescue
http://www.credant.com/campaigns/external_media_ebook/chapter1/lp/