The White House unveiled a cyber-security proposal that it hopes Congress will use as a framework for legislation.
The plan includes national data breach reporting, increased penalties for computer crimes, rules that would allow the private sector to commiserate with the Department of Homeland Security on cyber-security issues, and cyber-security audits for critical infrastructure providers.
"Our Nation is at risk. The cybersecurity vulnerabilities in our government and critical infrastructure are a risk to national security, public safety, and economic prosperity," the White House said in a statement. "The Administration has responded to Congress' call for input on the cybersecurity legislation that our Nation needs, and we look forward to engaging with Congress as they move forward on this issue."
The plan has four components: protecting American citizens; protecting critical infrastructure; protecting the federal government's computer systems; and protecting civil liberties.
First, the White House recommends national data reporting instead of a patchwork of state laws. At this point, 47 states have laws that require companies to inform consumers if a hacker has gained access to their personal information. The White House proposal would have all companies in all states adhere to one law in the interest of simplicity.
The plan also sets mandatory minimum sentences for cyber intrusions into critical infrastructure. All too often, penalties for computer crimes are not synched up with other criminal statutes.
The administration also tackled information sharing between the public and private sector. Sometimes, companies that have been hacked will ask DHS for its assistance, but there are no clear rules that establish DHS's authority in these matters. The proposal would allow DHS to step in quickly and assist, while clarifying what type of help it can provide.
Similarly, the plan would allow businesses or local governments to share information with the federal government about computer viruses or other cyber threats they have uncovered.
The plan would also formally designate DHS as the agency heading up cyber-security issues for the feds. It would also streamline the process by which Internet service providers obtain immunity for blocking attacks against government computers.