The White House Cybersecurity Proposal would make the Patriot Act look “quaint”.
What The New White House Cybersecurity Proposal Means For The IT Security Industry, Businesses, And Consumers
by Forrester Research
The White House released a proposal for cybersecurity legislation yesterday. The fact sheet can be found here. This is a proposal for legislation – a framework for a bill. What final bill emerges and gets voted on, and ultimately becomes law (if anything does), is yet to be determined. I have only read through the fact sheet, so here is my preliminary analysis.
1. This goes beyond CIP (critical infrastructure protection).
The proposal focuses primarily on critical infrastructure protection. But it also extends to the area of data breaches in general – which can hit organizations in any industry sector. Related to that, it also addresses consumer protections regarding data breaches. This added focus on consumer protection is not directly related to CIP. But the cybersecurity proposal is probably Obama’s best chance to get something like this through. However, I put the chances of these consumer protections surviving the legislative journey at less than 50%.
2. DHS is taking a lead role in security information sharing.
According to the fact sheet:
“Organizations that suffer a cyber intrusion often ask the Federal Government for assistance with fixing the damage and for advice on building better defenses… [This proposal] provides [organizations sharing information with the DHS] with immunity when sharing cybersecurity information with DHS. At the same time, the proposal mandates robust privacy oversight to ensure that the voluntarily shared information does not impinge on individual privacy and civil liberties.”