[LINK] US Cybersecurity Legislation

stephen at melbpc.org.au stephen at melbpc.org.au
Sun Oct 30 02:03:34 AEDT 2011


The White House Blog  <http://www.whitehouse.gov/blog>

"The Time is Ripe for Cybersecurity Legislation"

Posted by Howard A. Schmidt on October 28, 2011 

It was late evening when the call came in to one of our law enforcement 
agencies. Nasdaq management was on the line asking for assistance with a 
security breach they had discovered. 

Within twenty-four hours, a joint Federal team was on the way to New York 
to provide support and begin the investigation. Shortly afterwards, I was 
in the White House Situation Room with other top officials to review what 
steps we needed to take to strengthen the security of our networks.

This intrusion taught us a few lessons about the shortcomings of our 
current cybersecurity system. 

For instance, we greatly appreciate it when corporate leadership alerts 
the Federal government to serious intrusions, yet there is no general 
national requirement that companies do so. In cases of cybersecurity 
incidents that can damage our critical infrastructure such as the 
electric grid or our financial, transportation, and communication 
networks – damage that can put our national security, public safety, and 
economic prosperity at risk – the Federal government must know what is 
happening so that it can take steps to bring adversaries to justice and 
help protect Americans.

Unfortunately, our critical infrastructure has suffered repeated cyber 
intrusions in the past year. Cybercrime, including online identity theft 
that hurts millions of Americans as well as the theft of intellectual 
property – American companies’ innovative ideas that are the lifeblood of 
our economic growth – continues to escalate. Many cyber intrusions could 
be prevented by implementing sound cybersecurity practices, but companies 
must be better motivated to make these investments. And while the Federal 
government continues to take actions to improve our nation’s 
cybersecurity under our existing legal frameworks, our laws need updating 
if we are to even the playing field with the cybercriminals.

To address these gaps, and at the invitation of Congressional leaders, 
the Administration delivered a major cybersecurity legislative proposal.

This proposal incorporates many of the ideas of Senate and House leaders. 

It includes national requirements for consumer notification after data 
security breaches to help Americans take steps to protect themselves and 
hold companies accountable. It also gives companies a defined process so 
they can build their internal response plans. It provides for new 
authorities for the Secretary of Homeland Security to ensure government 
networks remain safe and reliable, and a unique framework to protect 
privacy and civil liberties. It would encourage critical infrastructure 
owners and operators to make the necessary investments to limit the 
current surge of cyber intrusions, and would set clear expectations for 
companies to let the Federal government know promptly if intrusions do 
occur – essential information that can help us stop an incident from 
turning into a crisis.

Unfortunately, time is not on our side. Since the White House delivered 
the Administration’s proposal to Congress, a number of new security 
breaches have been reported. We need Congressional leaders to move 
forward with a cross-committee and bipartisan approach. Some good news: 
just last week, we had a very encouraging meeting with a bipartisan group 
of Senators that ended with agreement to work together to enact 
cybersecurity legislation as soon as possible. The time is ripe to make 
the proposal into law, and give the government and private sector the extra 
tools needed to fight those who would harm us.

Howard A. Schmidt is the Cybersecurity Coordinator and Special Assistant 
to the President. 

 http://www.whitehouse.gov/omb/legislative_letters

The (US) Administration’s cybersecurity proposal ..

Law Enforcement Provisions Related to Computer Security (7 pages, 39 kb)
    Section by Section Analysis (1 page, 29 kb)

Data Breach Notification (11 pages, 124 kb)
    Section by Section Analysis (5 pages, 62 kb)

Department of Homeland Security Cybersecurity Authority and Information 
Sharing (13 pages, 151 kb)
    Section by Section Analysis (7 pages, 91 kb)

Cybersecurity Regulatory Framework for Covered Critical Infrastructure (9 
pages, 50 kb)
    Section by Section Analysis (5 pages, 65 kb)

Coordination of Federal Information Security Policy (13 pages, 62 kb)
    Section by Section Analysis (6 pages, 73 kb)

Personnel Authorities Related to Cybersecurity Positions (5 pages, 29 kb)
    Section by Section Analysis (1 page, 22 kb)

Preventing Restrictions on Data Center Locations (1 page, 11 kb)
    Section by Section Analysis (1 page, 20 kb)

Complete Cybersecurity Proposal (60 pages, 262 kb)
    Complete Section by Section Analysis (25 pages, 116 mb)

--

Cheers,
Stephen


