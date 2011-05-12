The White House Thursday is announcing a cybersecurity

legislative package that will require critical infrastructure companies to work

with the Department of Homeland Security to come up with a cybersecurity

framework and would require them to report breaches to the government and the

public.

Senior government officials Thursday assured reporters the

regime would be a public-private partnership and the legislative package would

be the beginning of a dialog on the measures.

While they did not identify who would qualify as a critical

infrastructure, cable and other ISPs are almost certainly going to be in

the mix.

The administration has already taken steps to boost

cybersecurity, said a senior White House official speaking on background, but

added that the nation cannot fully defend itself from cyber attacks unless

"certain laws are updated."

According to a Justice Department official, the reporting

requirement will apply to "certain data breaches under certain

circumstances'." He said that the point was to standardize a patchwork of

state reporting requirements that companies are already subject to.

A Commerce Department official indicated that the reporting

requirements to the public will need to easy to understand so they will be able

to take appropriate action.

While industry players will be encouraged to work together

with DHS on a framework, an official there said it has the backstop authority

to enforce it, and will work such protections into government contract language

as an incentive. Executives will need to sign off on the plans, and

provide regular reports to government and the public on how they are

working.

Industry will be expected to share network information with

the government so they can work together to prevent breaches, and there were

assurances that the privacy of such information would be protected via a number

of layers of oversight, include review by outside civil liberties experts and a

sign-off by the attorney general.

Asked by one reporter why industry was getting input and

some control over the framework, rather than a top-down regulatory structure, a

senior White House official said it dovetailed with the President's directive

to gauge new regs by their impact on innovation and the economy. "We

are trying to create an institutional culture of cybersecurity rather

than a slow-moving regulatory structure," added a Commerce official.

"We don't believe government has all the answers,"

said a Homeland Security official, or that it should implement a

"thou shalt do x, y and z" regime. "This is to enable

industry to figure out the best way to protect itself.

There is similar cybersecurity being teed up in the

Senate and Senator Jay Rockefeller (D- W. Va.) who has been a leader on the

issue said he hoped to get a bill passed this year.

"The White House has presented a strong plan to better

protect our nation from the growing cyber threat," he said in a statement.

"Their plan incorporates many of the same elements of the bill we

introduced last year. It establishes clear roles, responsibilities and

accountability for cybersecurity in government and the private sector.

Protecting our networks is a shared responsibility-and like our bill, the

Administration's plan proposes close collaboration between the government and

private sector. I am also pleased their proposal includes new protections for

Americans in the event of a data breach."

Commerce Committee member Olympia Snowe (R-Me.), who

has worked with Rockefeller on cybersecurity legislation suggested the

White House was a little late to the party. "While the Administration's delay

in providing critical input to the legislative process is regrettable, it is my

understanding that the administration proposal parallels many of the

objectives, particularly pertaining to modernizing the public-private

partnership, that Senator Rockefeller and I have advocated," she said...

"I look forward to working with my colleagues in the Senate, House and the

Administration to swiftly pass comprehensive cybersecurity legislation as

further delay compromises our ability to better protect Americans against cyber

intrusions and attacks that target our financial, commercial, transportation

and communications sectors."