White House Announces New Cybersecurity Measures

President Obama announced follow up steps to the administration’s 2011 Cybersecurity Legislative Proposal, the International Strategy for Cyberspace and the Executive Order protecting critical infrastructure.

The proposal:

  • enables cybersecurity information sharing between the private sector and the government by encouraging the former to share cyber threat information with the Department of Homeland Security’s National Cybersecurity and Communications Integration Center, which will then share it with the relevant federal agencies and other organizations;
  • encourages the formation of private-sector-led information sharing and analysis organizations;
  • requires private entities to comply with certain privacy restrictions to safeguard Americans’ personal privacy;
  • requires the Department of Homeland Security and Attorney General, in consultation with others, to develop the receipt, retention, use and disclosure guidelines for the federal government;
  • contains provisions to allow for the prosecution of the sale of botnets, criminalize the overseas sale of stolen U.S. financial information, expand federal law enforcement authority to deter the sale of spyware, and give courts the authority to shut down botnets; and
  • modernizes the Computer Fraud and Abuse Act.

Additionally, the Administration announced that it updated its proposal on security breach reporting to help standardize existing state laws, and puts in place a “clear and timely notice requirement” to ensure that companies notify their employees and customers of security breaches.

See: White House Press Release.
See also: SIFMA Statement on Cybersecurity Proposal.