Skip the navigation

Little new in Obama cybersecurity proposal

Administration's proposal calls for data breach legislation, stronger DHS role, upgrading FISMA

May 13, 2011 06:00 AM ET

Computerworld - A set of cybersecurity proposals, submitted to Congress on Thursday by the Obama administration, contained little that was new or unexpected.

The proposals have been in the making since May 2009, when President Obama announced his intentions to make cybersecurity a national priority as part of his new Comprehensive National Cybersecurity Initiative.

Since then, the administration has created a new White House cybersecurity office and appointed a coordinator to head it. It has put in place a National Cyber Incident Response Plan, which is in the final stages of being tested.

And the White House has also been engaged in discussions with stakeholders from both the public and private sectors on how to improve cybersecurity at the federal government level and within the private sector.

Thursday's cybersecurity legislative proposal is one outcome of those efforts. But its contents are likely to come as something of a disappointment for those who might have been expecting sweeping new proposals.

The proposal was developed in response to Congress' "call for assistance" on cybersecurity matters, White House cybersecurity coordinator Howard Schmidt said in a blog post today.

The proposals include a long-standing call for a national data breach notification law that would standardize the existing patchwork of state laws companies and government entities have to comply with.

It also calls for laws that would impose stricter penalties on cybercriminals, and would set mandatory minimum prison terms for intrusions into critical infrastructure targets.

In addition, the White House is calling for legislation that would give the Department of Homeland Security a much more active role in working with private sector critical-infrastructure operators to identify, prioritize and protect against threats.

"The lack of a clear statutory framework describing DHS's authorities has sometimes slowed the ability of DHS" to help organizations that come seeking its aid on cybersecurity issues, the White House noted.

The new proposals would also clarify "the type of assistance that DHS can provide to the requesting organization," it said.

As expected, the White House proposals call for a strengthening of the Federal Information Security Management Act (FISMA), which all civilian federal agencies are required to comply with. Critics of FISMA have long called for a total revamp of its requirements, saying that the standard, as it exists, now does little to enhance security.

In addition, the proposals require the DHS to oversee the implementation of intrusion prevention system (IPS) for blocking attacks against government computers. Internet service providers that implement the systems on behalf of the DHS would be provided legal immunity, as needed, to provide the service, the White House noted.

Other proposals include measures for stronger protections for cloud computing, and laws that would prevent states from requiring cloud service providers to build data centers in their state, unless explicitly approved by the federal government.



Our Commenting Policies