Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

White House Presses For New Cybersecurity Laws

Congress has dragged its feet for years on passing cybersecurity legislation, so the Obama administration is applying pressure.

Top 10 Open Government Websites
Top 10 Open Government Websites
(click image for larger view and for slideshow)
The White House is urging Congress to pass President Obama's cybersecurity legislation in 2012 to give officials the authority they need to combat "growing and increasingly sophisticated cyberthreats," according to the leading U.S. cybersecurity official.

White House Cybersecurity Coordinator Howard Schmidt called for legislators to "modernize" outdated laws surrounding cybersecurity by supporting the broad legislative proposal President Obama sent to Congress in May, according to a White House blog post.

"It is our sincere hope that members of Congress will look at the significant amount of public debate that has been occurring on these issues--as well as the work and debate on this issue over the years in the Congress--and continue to work in a bipartisan manner to quickly enact legislation to address the full range of cyber threats facing our nation," Schmidt said.

[ The feds are trying to better understand what is happening in cyberspace. Read FBI Seeks Data-Mining App for Social Media. ]

Indeed, Congress has dragged its feet for years on passing cybersecurity legislation despite the fact that there are numerous bills circulating, some of which call for the same regulations as the White House plan. Congressional leaders had expressed an interest in passing cybersecurity legislation by the end of last year but it did not happen.

Schmidt's urging came a day after President Obama's annual State of the Union address, in which the president mentioned the proposal as a way "to stay one step ahead of our adversaries" by securing cyberspace.

Laws authorizing collaboration with the private sector--which the feds already are engaged in--are a key part of the proposal and should be addressed in whatever Congress passes, Schmidt said.

"Legislation that fails to provide the legislative authorities our professionals need to work with the private sector to ensure the safe and reliable operation of our critical infrastructure networks would not be commensurate with the very real and urgent risks to our nation," he said.

Other aspects of the plan place cybersecurity authority more squarely in the hands of the Department of Homeland Security (DHS)--which already has a key role in leading federal cybersecurity efforts--and address data breaches and privacy protections.

Specifically, Obama's legislative proposal clarifies how companies can share information about cyberthreats with the DHS, and allows the agency to help critical infrastructure companies with their cybersecurity needs if the private sector wants assistance.

The DHS also would be responsible for defining risks that controllers of the most critical infrastructure need to mitigate and require them to provide their plans for doing so to the agency.

In terms of data breaches, Obama's legislation includes a national standard for reporting breaches to replace 47 existing state data-breach reporting laws. It also would toughen up minimum punishments for cyber criminals.

The DHS also factors into the privacy-protections built into the White House plan. The department would be required to develop privacy and civil liberties procedures that the Attorney General would oversee and approve, and companies that want to share information with the government would first have to wipe it of any identifying information unrelated to cyber threats.

There has been some opposition to the White House cybersecurity plan. The U.S. Chamber of Commerce, for instance, worried that placing cybersecurity requirements on critical infrastructure companies would place an undo regulatory and financial burden on them, among other concerns.

How 10 federal agencies are tapping the power of cloud computing--without compromising security. Also in the new, all-digital InformationWeek Government supplement: To judge the success of the OMB's IT reform efforts, we need concrete numbers on cost savings and returns. Download our Cloud In Action issue of InformationWeek Government now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...