CybersecurityGovernment launches cybersecurity plan

Published 16 May 2011

Last week the Obama administration unveiled its plan to secure federal computer networks, critical industries, and consumers from cyberattacks; under the proposed plan, DHS will lead government efforts to secure networks with “primary responsibility within the executive branch for information security” ; DHS would also be empowered to set policies and activities for government systems; the plan would require critical infrastructure operators like electric companies and large financial firms to present cybersecurity plans to DHS for approval; DHS auditors would review the plans with the operators, discuss any shortcomings and “take other action as may be determined appropriate”

Last week the Obama administration unveiled its plan to secure federal computer networks, critical industries, and consumers from cyberattacks.

Under the proposed plan, DHS will lead government efforts to secure networks with “primary responsibility within the executive branch for information security.” DHS would also be empowered to set policies and activities for government systems.

In addition, the plan would require critical infrastructure operators like electric companies and large financial firms to present cybersecurity plans to DHS for approval. DHS auditors would review the plans with the operators, discuss any shortcomings and “take other action as may be determined appropriate.”

Plans that are deemed insufficient could lead to shutdowns, fines, or other monetary or civil penalties.

The cybersecurity proposal does not create cybersecurity officer within the executive branch, instead federal authority and leadership would be designated within DHS, which will “develop and conduct risk assessments for federal systems and, upon request, critical information infrastructure.”

If an intrusion is detected, DHS will have the authority to deploy and operate detection and prevention systems on any government network.

DHS will also establish a cybersecurity information sharing center to increase cooperation between all relevant stakeholders including federal, state, and local governments as well as the private sector.

The plan also offers some protection to consumers as it clarifies the current patchwork of state laws that mandate when a company must notify individuals that sensitive information may have been lost, stolen, or compromised on their networks.

Administration officials say that the proposed law is designed to facilitate cooperation with the private sector and is a signal that no single entity can effectively guard against all cyber security threats.

The legislation was sent to Congress on 12 May and is currently being debated.

In a statement, the White House declared, “The administration has responded to Congress’ call for input on the cybersecurity legislation that our nation needs. We look forward to engaging with Congress as they move forward on this issue.”