Little new in Obama cybersecurity proposal
Administration's proposal calls for data breach legislation, stronger DHS role, upgrading FISMA
Computerworld - A set of cybersecurity proposals, submitted to Congress on Thursday by the Obama administration, contained little that was new or unexpected.
The proposals have been in the making since May 2009, when President Obama announced his intentions to make cybersecurity a national priority as part of his new Comprehensive National Cybersecurity Initiative.
Since then, the administration has created a new White House cybersecurity office and appointed a coordinator to head it. It has put in place a National Cyber Incident Response Plan, which is in the final stages of being tested.
And the White House has also been engaged in discussions with stakeholders from both the public and private sectors on how to improve cybersecurity at the federal government level and within the private sector.
Thursday's cybersecurity legislative proposal is one outcome of those efforts. But its contents are likely to come as something of a disappointment for those who might have been expecting sweeping new proposals.
The proposal was developed in response to Congress' "call for assistance" on cybersecurity matters, White House cybersecurity coordinator Howard Schmidt said in a blog post today.
The proposals include a long-standing call for a national data breach notification law that would standardize the existing patchwork of state laws companies and government entities have to comply with.
It also calls for laws that would impose stricter penalties on cybercriminals, and would set mandatory minimum prison terms for intrusions into critical infrastructure targets.
In addition, the White House is calling for legislation that would give the Department of Homeland Security a much more active role in working with private sector critical-infrastructure operators to identify, prioritize and protect against threats.
"The lack of a clear statutory framework describing DHS's authorities has sometimes slowed the ability of DHS" to help organizations that come seeking its aid on cybersecurity issues, the White House noted.
The new proposals would also clarify "the type of assistance that DHS can provide to the requesting organization," it said.
As expected, the White House proposals call for a strengthening of the Federal Information Security Management Act (FISMA), which all civilian federal agencies are required to comply with. Critics of FISMA have long called for a total revamp of its requirements, saying that the standard, as it exists, now does little to enhance security.
In addition, the proposals require the DHS to oversee the implementation of intrusion prevention system (IPS) for blocking attacks against government computers. Internet service providers that implement the systems on behalf of the DHS would be provided legal immunity, as needed, to provide the service, the White House noted.
Other proposals include measures for stronger protections for cloud computing, and laws that would prevent states from requiring cloud service providers to build data centers in their state, unless explicitly approved by the federal government.
Obama and tech
- China set to surpass U.S. in R&D spending in 10 years
- Outgoing federal CIO warns of 'an IT cartel'
- @whitehouse takes on Twitter Town Hall
- Obama's CIO quits
- Little new in Obama cybersecurity proposal
- Feds update IT plan following Obama's 'horrible' comment
- Obama's online trusted ID plan greeted with caution
- U.S. Census tech makeover includes 'oasis' for innovation
- Obama seeks big boost in cybersecurity spending
- QuickPoll: Is Obama's 98% 4G broadband coverage goal realistic?
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Cybercrime and Hacking White Papers | Webcasts