[LINK] US Cybersecurity Legislation
stephen at melbpc.org.au
Sun Oct 30 02:03:34 AEDT 2011
The White House Blog <http://www.whitehouse.gov/blog>
"The Time is Ripe for Cybersecurity Legislation"
Posted by Howard A. Schmidt on October 28, 2011
It was late evening when the call came in to one of our law enforcement
agencies. Nasdaq management was on the line asking for assistance with a
security breach they had discovered.
Within twenty-four hours, a joint Federal team was on the way to New York
to provide support and begin the investigation. Shortly afterwards, I was
in the White House Situation Room with other top officials to review what
steps we needed to take to strengthen the security of our networks.
This intrusion taught us a few lessons about the shortcomings of our
current cybersecurity system.
For instance, we greatly appreciate it when corporate leadership alerts
the Federal government to serious intrusions, yet there is no general
national requirement that companies do so. In cases of cybersecurity
incidents that can damage our critical infrastructure such as the
electric grid or our financial, transportation, and communication
networks - damage that can put our national security, public safety, and
economic prosperity at risk - the Federal government must know what is
happening so that it can take steps to bring adversaries to justice and
help protect Americans.
Unfortunately, our critical infrastructure has suffered repeated cyber
intrusions in the past year. Cybercrime, including online identity theft
that hurts millions of Americans as well as the theft of intellectual
property - American companies' innovative ideas that are the lifeblood of
our economic growth - continues to escalate. Many cyber intrusions could
be prevented by implementing sound cybersecurity practices, but companies
must be better motivated to make these investments. And while the Federal
government continues to take actions to improve our nation's
cybersecurity under our existing legal frameworks, our laws need updating
if we are to even the playing field with the cybercriminals.
To address these gaps, and at the invitation of Congressional leaders,
the Administration delivered a major cybersecurity legislative proposal.
This proposal incorporates many of the ideas of Senate and House leaders.
It includes national requirements for consumer notification after data
security breaches to help Americans take steps to protect themselves and
hold companies accountable. It also gives companies a defined process so
they can build their internal response plans. It provides for new
authorities for the Secretary of Homeland Security to ensure government
networks remain safe and reliable, and a unique framework to protect
privacy and civil liberties. It would encourage critical infrastructure
owners and operators to make the necessary investments to limit the
current surge of cyber intrusions, and would set clear expectations for
companies to let the Federal government know promptly if intrusions do
occur - essential information that can help us stop an incident from
turning into a crisis.
Unfortunately, time is not on our side. Since the White House delivered
the Administration's proposal to Congress, a number of new security
breaches have been reported. We need Congressional leaders to move
forward with a cross-committee and bipartisan approach. Some good news:
just last week, we had a very encouraging meeting with a bipartisan group
of Senators that ended with agreement to work together to enact
cybersecurity legislation as soon as possible. The time is ripe to make
the proposal into law, and give the government and private sector the extra
tools needed to fight those who would harm us.
Howard A. Schmidt is the Cybersecurity Coordinator and Special Assistant
to the President.
http://www.whitehouse.gov/omb/legislative_letters
The (US) Administration's cybersecurity proposal ..
Law Enforcement Provisions Related to Computer Security (7 pages, 39 kb)
Section by Section Analysis (1 page, 29 kb)
Data Breach Notification (11 pages, 124 kb)
Section by Section Analysis (5 pages, 62 kb)
Department of Homeland Security Cybersecurity Authority and Information
Sharing (13 pages, 151 kb)
Section by Section Analysis (7 pages, 91 kb)
Cybersecurity Regulatory Framework for Covered Critical Infrastructure (9
pages, 50 kb)
Section by Section Analysis (5 pages, 65 kb)
Coordination of Federal Information Security Policy (13 pages, 62 kb)
Section by Section Analysis (6 pages, 73 kb)
Personnel Authorities Related to Cybersecurity Positions (5 pages, 29 kb)
Section by Section Analysis (1 page, 22 kb)
Preventing Restrictions on Data Center Locations (1 page, 11 kb)
Section by Section Analysis (1 page, 20 kb)
Complete Cybersecurity Proposal (60 pages, 262 kb)
Complete Section by Section Analysis (25 pages, 116 mb)
--
Cheers,
Stephen