White House delivers cybersecurity legislation

The White House today sent its cybersecurity legislation to Capitol Hill, asking for changes in the law that will give the Dept. of Homeland Security more authority and duties in overseeing both private-sector and government networks. The White House is also asking for a national data-breach law that would supersede the patchwork of state data-breach laws now in place around the country.

US senators: Corporate date breach reporting is inconsistent, unreliable

The White House said it's asking Congress to consider its legislative proposal, which is aimed at "improving cybersecurity for the American people, our nation's critical infrastructure, and the federal government's own networks and computers."

The proposed legislation asks for a national federal law for reporting data breaches, in order to make it easier for businesses by eliminating the patchwork of state laws that now exists. The White House is also asking for new penalties for cybercrime by clarifying that these types of crimes fall under Racketeering Influenced and Corrupt Organizations Act (RICO). And thirdly, the White House wants a clear statutory framework that would give the Department of Homeland Security (DHS) more flexibility in assisting industry, states and local governments when they suffer computer break-ins.

"The Administration proposal will enable DHS to quickly help a private-sector company, state, or local government when that organization asks for its help," the White House said today in its statements about the legislation. "Businesses, states, and local governments sometimes identify new types of computer viruses or other cyber threats or incidents, but they are uncertain about whether they can share this information with the federal government. The Administration proposal makes clear that these entities can share information about cyber threats or incidents with DHS. To fully address these entities' concerns, it provides them with immunity when sharing cybersecurity information with DHS. At the same time, the proposal mandates robust privacy oversight to ensure that the voluntarily shared information does not impinge on individual privacy and civil liberties."

The White House also said it wants Congress to adopt legislation that "requires DHS to work with industry to identify the core critical-infrastructure operators and to prioritize the most important cyber threats and vulnerabilities for those operators." This proposal appears to impact energy companies operating electrical and other infrastructure, requiring them to work directly under the guidance of DHS, which would be coordinating some actions with the National Institute of Standards and Technology (NIST).

In terms of the federal government's computer networks, the White House is asking for some updates and changes to the security guidelines known as the Federal Information Security Management Act in order to "formalize DHS' current role in managing cybersecurity for the Federal government's civilian computers and networks, in order to provide departments and agencies with a shared source of expertise."

The White House said its proposal would also make permanent "DHS' authority to oversee intrusion prevention systems for all federal executive Branch civilian computers." DHS is said to operate the Einstein intrusion-prevention system, with ISPs also implementing various systems on behalf of DHS.

The proposal also tackles the issue of cloud computing, noting the federal government has "embraced cloud computing," and says one measure it wants to see passed into law is one that prevents states from requiring companies to build their data centers in that state, 'except where expressly authorized by federal law."

The legislation says these responsibilities for DHS do mean it will be collecting considerable cybersecurity information, but that "all monitoring, collection, use, retention, and sharing of information are limited to protecting against cybersecurity threats. Information may be used or disclosed for criminal law enforcement, but the Attorney General must first review and approve each such usage."

It remains to be seen how the White House cybersecurity proposals will be received on Capitol Hill.

Read more about wide area network in Network World's Wide Area Network section.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags governmentsecuritydata breachindustry verticalsWhite House: cybersecurity; data breach;

More about ACTICOLANTechnology

Show Comments