The White House has unveiled its proposal for far-reaching cybersecurity legislation that seeks to shore up the country's defenses against a growing number of threats to personal privacy, critical infrastructure, and the government's computing systems.
The plan covers four key areas: the protection of American citizens; the protection of critical infrastructure, such as the power grid and financial sector; the protection of government systems; and the protection of privacy and civil liberties.
The proposed legislation would institute harsher penalties for cybercriminals--cyber crimes would be added to RICO, the Racketeering Influenced and Corrupt Organizations Act-- and also seeks to increase transparency by requiring businesses to alert their customers to data breaches. It would also require the Department of Homeland Security to work with the private sector, particularly energy companies and financial firms, to assist in identifying and addressing vulnerabilities.
“Our Nation is at risk,” the White House wrote in a statement. “The cybersecurity vulnerabilities in our government and critical infrastructure are a risk to national security, public safety, and economic prosperity."
In its description of how it intends to protect federal computer systems, the policy proposal notes that given the challenges of recruiting and retaining "highly-qualified cybersecurity professionals," the Department of Homeland Security would be given "more flexibility in hiring these individuals" and organizations would be encouraged to collaborate with the private sector. The plan also seeks to promote, not stifle, cloud computing: "This new industry should not be crippled by protectionist measures, so the proposal prevents states from requiring companies to build their data centers in that state, except where expressly authorized by federal law."
What is missing from the proposal, however, is any discussion of the extent of the government’s control over U.S. networks during an emergency. An Internet “kill switch” that would empower the President to turn off parts of the Internet had previously been discussed.
How will the plan be received by lawmakers and businesses?
Reuters writes, “It is unclear if the White House pressure will win support for stricter cybersecurity laws, especially among Republicans who control the House of Representatives. […]Previous bills with similar language have rankled corporate America as regulatory overreach, with many companies indicating they would fight any effort to be included as ‘critical infrastructure.’”
The Wall Street Journal reports, “Industry groups voiced initial support for the White House plan. The U.S. Chamber of Commerce praised the proposal as ‘the latest in a series of important actions’ by the White House on cybersecurity. Critics said the White House proposal, in trying to please business interests, doesn't do enough to require companies step up their computer security.”
Says Information Week, “The Republican-led House of Representatives and Democrat-controlled Senate remain at arms over several issues, including the balance of power on cybersecurity issues between the military and the Department of Homeland Security, and whether a comprehensive legislative overhaul should be accomplished in pieces or in one massive bill.”
The AP notes that critics say the plan doesn’t go far enough. Former senior Homeland Security official Stewart Baker said, “The Administration's proposal shows no sense of urgency…It tells even critical industries on which our lives and society depend that they will have years before anyone from government begins to evaluate their security measures."
Read the White House's fact sheet about the proposal here.