White House Unveils Cybersecurity Legislative AgendaCivilian Agency Infosec Authority Would Be Centered in DHS
In a comprehensive cybersecurity legislative agenda, outlined in a White House blog, President Obama also called for a federal data breach notification law and criminal penalties for cybercrimes. Besides establishing a new framework aimed at protecting individuals' privacy and civil liberties, the White House proposal also would codify practices that allow DHS to help states and businesses respond to cyberattacks and provides immunity to organizations that share cybersecurity information with DHS.
White House Cybersecurity Coordinator Howard Schmidt portrayed the proposal as a milestone in the national effort to ensure secure and reliable networks for Americans, businesses and government. "Fundamentally," Schmidt said, "this proposal strikes a critical balance between maintaining the government's role and providing industry with the capacity to innovatively tackle threats to national cybersecurity. Just as importantly, it does so while providing a robust framework to protect civil liberties and privacy."
Senate Majority Leader Harry Reid, D-Nev., said the president's proposals would be an important part of the Senate's efforts to pass a comprehensive cybersecurity legislation this summer. Rep. Mac Thornberry, the Texas Republican tapped by Speaker John Boehner to coordinator House cybersecurity initiatives, said he was pleased the White House finally issued its proposals. "Now that we have the proposals, we are going to study them carefully," he said.
The president's proposal would give DHS more flexibility in hiring cybersecurity professionals and permit the government and business to temporarily exchange experts, so that both can learn from each others' expertise.
Cloud computing gets a boost from the proposal; the White House seeks to prevent states from requiring companies to build their data centers in that state, except where expressly authorized by federal law, so not to cripple a new industry by protectionist measures.
What the Obama administration does not propose is establishing an Office of Cyberspace with a Senate confirmed director in the White House, as proposed in a number of bills before Congress. House Cybersecurity Caucus Cofounder James Langevin, D-R.I., called that a shortcoming. "Congress must revisit this issue," he said.
Langevin also expressed disappointment that the president's plan didn't address defense cybersecurity.
Senate Judiciary Committee Chairman Patrick Leahy, D-Vt., welcomed the president's proposal, especially the provisions to establish a national standard for data breach notification and new tools to combat cybercrime.
Senate Commerce, Energy and Transportation Committee Chairman Jay Rockefeller, the West Virginia Democrat who has sponsored comprehensive cybersecurity legislation, characterized the president's agenda as a "strong plan to better protect our nation from the growing cyberthreat." His cosponsor, Sen. Olympia Snowe, R-Maine, said it was regrettable that the administration took more than two years to present its legislative proposals. "It is imperative that the administration come before Congress very soon to brief us on the reasoning behind its proposals," Snowe said in a statement.