White House proposals include breach notification law

The White House on Thursday unveiled sweeping cybersecurity legislative proposals to Congress that would create a national data breach notification law and clarify the U.S. Department of Homeland Security's role in defending private and public networks.

The recommendations, created in response to Congress' call for assistance on how to address the country's cybersecurity needs, are focused on improving security for citizens, the nation's critical infrastructure and the federal government's own networks and computers, the White House said Thursday in a news release.

The proposal follows the president's nearly two-year-old Cybersecurity Policy Review, which declared cyberspace a key strategic national asset and laid out an action plan for securing the country's networks.

“We look forward to working with Congress as it moves forward on this issue,” Howard Schmidt, cybersecurity coordinator and special assistant to the president, said in a statement posted Thursday to the White House website.

The proposal by the Obama administration aims to improve protections for Americans by standardizing the existing 47 state data breach notification laws into one overarching federal statute that requires businesses to alert customers if their personal information is inadvertently exposed.

A national data breach notification law has been in the works for a number of years. Several versions have made the rounds, but nothing ever has cleared both chambers. This mainly has been due to other Congressional priorities and, more specific to the bills, disagreement over what constitutes a suitable threshold to report a breach.

Thursday's proposal from the White House also asks for mandatory minimum penalties for cyber intrusions into critical infrastructure.

The White House additionally is seeking to improve the protection of critical infrastructures, such as the electric grid and financial networks, by clarifying the type of assistance the DHS can provide to private-sector organizations that have suffered an infiltration.

Organizations have, in the past, asked for the federal government's help investigating attacks or building defenses, but the lack of a clear legal framework describing the DHS' authority has slowed any aid the department can provide, the White House said.

In addition, the suggested legislation would require the DHS to work with private-sector owners and operators of critical infrastructure to prioritize the most pressing threats affecting their networks. Entities would develop their own plans for addressing those risks and then have the plans assessed by a third-party commercial auditor.

As it relates to government computers and networks, the proposal would update the Federal Information Security Management Act (FISMA) by formalizing the DHS' role in managing cybersecurity for federal civilian computers and networks, the White House said. It would also formalize the DHS' authority to oversee intrusion prevention systems for all executive branch computers.

Further, it would give the DHS more flexibility to hire cybersecurity professionals in an effort to boost the recruitment of highly qualified experts.
