Little new in Obama cybersecurity proposal
Administration's proposal calls for data breach legislation, stronger DHS role, upgrading FISMA
Computerworld - A set of cybersecurity proposals, submitted to Congress on Thursday by the Obama administration, contained little that was new or unexpected.
The proposals have been in the making since May 2009, when President Obama announced his intentions to make cybersecurity a national priority as part of his new Comprehensive National Cybersecurity Initiative.
Since then, the administration has created a new White House cybersecurity office and appointed a coordinator to head it. It has put in place a National Cyber Incident Response Plan, which is in the final stages of being tested.
And the White House has also been engaged in discussions with stakeholders from both the public and private sectors on how to improve cybersecurity at the federal government level and within the private sector.
Thursday's cybersecurity legislative proposal is one outcome of those efforts. But its contents are likely to come as something of a disappointment for those who might have been expecting sweeping new proposals.
The proposal was developed in response to Congress' "call for assistance" on cybersecurity matters, White House cybersecurity coordinator Howard Schmidt said in a blog post today.
The proposals include a long-standing call for a national data breach notification law that would standardize the existing patchwork of state laws companies and government entities have to comply with.
It also calls for laws that would impose stricter penalties on cybercriminals, and would set mandatory minimum prison terms for intrusions into critical infrastructure targets.
In addition, the White House is calling for legislation that would give the Department of Homeland Security a much more active role in working with private sector critical-infrastructure operators to identify, prioritize and protect against threats.
"The lack of a clear statutory framework describing DHS's authorities has sometimes slowed the ability of DHS" to help organizations that come seeking its aid on cybersecurity issues, the White House noted.
The new proposals would also clarify "the type of assistance that DHS can provide to the requesting organization," it said.
As expected, the White House proposals call for a strengthening of the Federal Information Security Management Act (FISMA), which all civilian federal agencies are required to comply with. Critics of FISMA have long called for a total revamp of its requirements, saying that the standard, as it exists, now does little to enhance security.
In addition, the proposals require the DHS to oversee the implementation of intrusion prevention system (IPS) for blocking attacks against government computers. Internet service providers that implement the systems on behalf of the DHS would be provided legal immunity, as needed, to provide the service, the White House noted.
Other proposals include measures for stronger protections for cloud computing, and laws that would prevent states from requiring cloud service providers to build data centers in their state, unless explicitly approved by the federal government.
Obama and tech
- China set to surpass U.S. in R&D spending in 10 years
- Outgoing federal CIO warns of 'an IT cartel'
- @whitehouse takes on Twitter Town Hall
- Obama's CIO quits
- Little new in Obama cybersecurity proposal
- Feds update IT plan following Obama's 'horrible' comment
- Obama's online trusted ID plan greeted with caution
- U.S. Census tech makeover includes 'oasis' for innovation
- Obama seeks big boost in cybersecurity spending
- QuickPoll: Is Obama's 98% 4G broadband coverage goal realistic?
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Cybercrime and Hacking White Papers | Webcasts