Policy

Feds to Take a Bite Out of Cybercrime

5/16/2011 12:01 AM Eastern

Washington — The Obama administration wants
“critical infrastructure” industries to work with the
Department of Homeland Security on a cybersecurity
framework that
includes regular reporting
requirements
and sharing data with
the government and law
enforcement.

The White House last
week unveiled a legislative
package to do that,
as senior government
officials stressed the formation
of a public-private
partnership.

Officials did not identify
which industries
would qualify as “critical
infrastructure,” but cable operators and other Internet-
service provides will almost certainly be in the mix.

The administration has already taken steps to
boost cybersecurity, said a senior White House official speaking on background, adding that the nation
cannot fully defend itself from cyber attacks unless
“certain laws are updated.”

A Justice Department official said the reporting requirement
will apply to “certain data breaches under
certain circumstances.” The point was to standardize a
patchwork of state reporting requirements companies
already must follow.

The reporting requirements to the public will need to
be easy to understand, a Commerce Department official
said, so companies can take appropriate action.

While industry players will be encouraged to collaborate
with the DHS on a framework, an official with that
agency said it has the backstop authority to enforce the
framework and will work such protections into government
contract language as an incentive. Executives will
need to sign off on the plans and provide regular progress
reports to government and the public.

Private firms will be expected to share network information
with the government so they can collaborate to
prevent breaches. There were assurances that the privacy
of such information would be protected by several
layers of oversight and include review by outside civilliberties
experts and a sign-off by the attorney general.

Asked by one reporter why industry was getting input
and some control over the framework, rather than having
regulations flow from the top down, a senior White House
official cited the president’s directive to gauge new regulations
by their effect on innovation and the economy.

“We are trying to create an institutional culture of cybersecurity,
rather than a slow-moving regulatory structure,”
a Commerce Department official added.

Similar cybersecurity legislation is being teed up in
the Senate, and Sen. Jay Rockefeller (D- W. Va.), who has
been a leader on the issue, said he hoped to get a bill
passed this year.

“The White House has presented a strong plan to better
protect our nation from the growing cyber threat,” he
said in a statement. “Their plan incorporates many of the
same elements of the bill we introduced last year. It establishes
clear roles, responsibilities and accountability for
cybersecurity in government and the private sector. Protecting
our networks is a shared responsibility and, like
our bill, the Administration’s plan proposes close collaboration
between the government and private sector.”

March