With “hacktivism” on the rise — practiced by organisations and groups such as Anonymous — and in face of the Sony saga to name just two examples, the White House proposed draft legislation on Thursday aimed at toughening the defenses of government and private industry against the growing danger from cyber-attack.
The White House said in a statement, “Our nation is at risk… Cyber-security vulnerabilities in our government and critical infrastructure are a risk to national security, public safety, and economic prosperity.” The statement continued, “It has become clear that our nation cannot fully defend against these threats unless certain parts of cyber-security law are updated”.
No ad to show here.
US President Barack Obama has identified cyber-security as a top priority for his administration and this proposed new White House legislation joins some 50 cyber-related bills introduced during the last session of Congress.
The White House bill would require critical infrastructures, such as the power, financial and transportation sectors, to come up with plans to better protect their increasingly internet reliant computer networks.
“Market forces are pushing infrastructure operators to put their infrastructure online”, the White House noted, making it “vulnerable to cyber-attacks that could cripple essential services.”
The bill would require the Department of Homeland Security (DHS) to work with private industry to identify “core critical-infrastructure operators” and identify the most serious cyber-threats that they face. Critical infrastructure operators would need to develop “frameworks” for addressing cyber-threats which would be assessed by third-party, commercial auditors. In the event an operator’s cyber-defense plan falls short, DHS could modify it and “help them shore up plans that are deemed insufficient by commercial auditors”, the White House said.
The bill would standardise the various state laws that require companies to report data breaches that compromise the personal information of consumers and would also stiffen the penalties for cyber-crime. The proposal also clarifies the type of assistance the federal government can provide private industry, or state and local governments, in dealing with cyber-intrusions and outlines procedures to promote an exchange of information.
“At the same time, the proposal mandates robust privacy oversight to ensure that the voluntarily shared information does not impinge on individual privacy and civil liberties”, the White House stressed.
The proposed bill would also address the cyber-security needs of the government, whose computers are attacked millions of times a year. It would formalise the role entrusted to the DHS in managing and defending government and civilian networks as they have always been managed separately from military networks protected by the Pentagon.
The bill gives the DHS more flexibility in hiring cyber-security specialists in a highly competitive market and allows the government and private industry to temporarily exchange experts.
The White House is hoping for action by Congress on the bill this year.
Senator Jay Rockefeller, a Democrat from West Virginia, and Senator Olympia Snowe, a Republican from Maine, who have introduced their own cybersecurity legislation in the Senate, welcomed the White House’s proposal. “The White House has presented a strong plan to better protect our nation from the growing cyber-threat,” Rockefeller said. “It establishes clear roles, responsibilities and accountability for cyber-security in government and the private sector.”
Snowe said she hopes to see swift passage of comprehensive cyber-security legislation and said, “further delay compromises our ability to better protect Americans against cyber intrusions and attacks that target our financial, commercial, transportation and communications sectors.”