WASHINGTON — The White House proposed draft legislation on Thursday aimed at toughening the defenses of government and private industry against the growing danger from cyberattack.
“Our nation is at risk,” the White House said in a statement. “Cybersecurity vulnerabilities in our government and critical infrastructure are a risk to national security, public safety, and economic prosperity.”
“It has become clear that our nation cannot fully defend against these threats unless certain parts of cybersecurity law are updated,” it said.
US President Barack Obama has identified cybersecurity as a top priority of his administration and the White House legislation joins some 50 cyber-related bills introduced during the last session of Congress.
The White House bill would require critical infrastructure such as the power, financial and transportation sectors to come up with plans to better protect their increasingly Internet-connected computer networks.
“Market forces are pushing infrastructure operators to put their infrastructure online,” the White House noted, making it “vulnerable to cyberattacks that could cripple essential services.”
The bill would require the Department of Homeland Security (DHS) to work with private industry to identify “core critical-infrastructure operators” and identify the most serious cyber threats that they face.
Critical infrastructure operators would need to develop “frameworks” for addressing cyber threats which would be assessed by third-party, commercial auditors.
In the event an operator’s cyber defense plan falls short, DHS could modify it and “help them shore up plans that are deemed insufficient by commercial auditors,” the White House said.
The bill would standardize the various state laws that require companies to report data breaches that compromise the personal information of consumers and would also stiffen the penalties for cyber crime.
The proposal clarifies the type of assistance the federal government can provide private industry or state and local governments in dealing with cyber intrusions and outlines procedures to promote an exchange of information.
“At the same time, the proposal mandates robust privacy oversight to ensure that the voluntarily shared information does not impinge on individual privacy and civil liberties,” the White House stressed.
The bill also addresses the cybersecurity needs of the government, whose computers are attacked millions of times a year, and formalizes the role entrusted to the DHS in managing and defending government civilian networks.
The Pentagon is responsible for protecting military networks.
The bill gives the DHS more flexibility in hiring cybersecurity specialists in a highly competitive market and allows the government and private industry to temporarily exchange experts.
The White House is hoping for action by Congress on the bill this year.
Senator Jay Rockefeller, a Democrat from West Virginia, and Senator Olympia Snowe, a Republican from Maine, who have introduced their own cybersecurity legislation in the Senate, welcomed the White House’s proposal.
“The White House has presented a strong plan to better protect our nation from the growing cyber threat,” Rockefeller said. “It establishes clear roles, responsibilities and accountability for cybersecurity in government and the private sector.”
Snowe said she hopes to see swift passage of comprehensive cybersecurity legislation.
“Further delay compromises our ability to better protect Americans against cyber intrusions and attacks that target our financial, commercial, transportation and communications sectors,” she said.