via Government Computer News
Cybersecurity legislation recently proposed by the Obama Administration is hardly revolutionary. Its main purpose is to bolster the security of the nation’s information infrastructure by more clearly defining roles and responsibilities both in government and the private sector.
This is fine, as far as it goes, but the proposal stops short of ensuring the security of privately owned critical infrastructure. The Homeland Security Department would be given limited regulatory authority over core critical infrastructure (“really critical” critical infrastructure), but the enforcement sections are long on carrot and short on stick.
In letters to the leaders of the House and Senate, Jacob J. Lew, director of the Office of Management and Budget, outlined what the proposed legislation would do.
“The Administration’s proposal would protect individuals by requiring businesses to notify consumers if personal information is compromised and clarifies penalties for computer crimes, including mandatory minimums for critical infrastructure intrusions,” the letter says. “The proposal would improve critical infrastructure protection by bolstering public-private partnerships with improved authority for the federal government to provide voluntary assistance to companies and increase information sharing. It also would protect federal government networks by formalizing management roles, improving recruitment of cybersecurity professionals, and safeguarding the nation’s access to cost-effective data storage solutions.”