Obama Bill Would Beef Up Cybersecurity Laws
This story was updated at 4:00 p.m. EDT Thursday.
President Obama sent a major piece of cybersecurity legislation to Congress this morning (May 12), asking lawmakers to beef up and streamline existing regulations.
"This is a milestone in our national effort to ensure secure and reliable networks for Americans, businesses, and government; fundamentally, this proposal strikes a critical balance between maintaining the government’s role and providing industry with the capacity to innovatively tackle threats to national cybersecurity," said White House Cybersecurity Coordinator Howard Schmidt in a posting on the White House website. "Just as importantly, it does so while providing a robust framework to protect civil liberties and privacy."
A senior administration official, speaking anonymously, told the political blog Politico that "it has become clear that our nation cannot fully defend against these threats unless certain parts of cybersecurity law are updated."
The text of the legislation has not yet been released, but the Los Angeles Times reports that it would require power-grid companies and other infrastructure utilities to disclose their information security procedures, and also provide legal immunity to all companies that inform the government of network intrusions and other threats.
"Our proposal outlines key steps to take in order to better protect the American people from cyber crime and identity theft, to better safeguard critical infrastructure as well as the federal government computers and networks, and to better protect individuals’ privacy and civil liberties," an unnamed administration official told the Times.
A "fact sheet" on the bill posted by Schmidt says that the legislation also would authorize the Department of Homeland Security to quickly step into an emergency cybersecurity situation, if asked to do so by a public or private organization. The Times said that the legislation itself establishes parameters on what sort of assistance the DHS may provide.
Privacy advocates may be cheered by strengthened civil-liberties protections, which according to the Times include limitations on the collection and use of personal information.
"We believe organizations should inform you when your sensitive personal information may have been compromised," Schmidt said in his posting. "Today, our country has a patchwork of 47 state notification laws. Our proposal simplifies and strengthens this reporting requirement and reaches all Americans."