The Time is Ripe for Cybersecurity Legislation

To address cybersecurity gaps, and at the invitation of Congressional leaders, the Administration delivered a major cybersecurity legislative proposal on May 12, 2011.

This proposal incorporates many of the ideas of Senate and House leaders. It includes national requirements for consumer notification after data security breaches to help Americans take steps to protect themselves and hold companies accountable. It also gives companies a defined process so they can build their internal response plans. It provides for new authorities for the Secretary of Homeland Security to ensure government networks remain safe and reliable, and a unique framework to protect privacy and civil liberties. It would encourage critical infrastructure owners and operators to make the necessary investments to limit the current surge of cyber intrusions, and would set clear expectations for companies to let the Federal government know promptly if intrusions do occur – essential information that can help us stop an incident from turning into a crisis. Unfortunately, time is not on our side. Since the White House delivered the Administration’s proposal to Congress, a number of new security breaches have been reported. We need Congressional leaders to move forward with a cross-committee and bipartisan approach. Some good news: just last week, we had a very encouraging meeting with a bipartisan group of Senators that ended with agreement to work together to enact cybersecurity legislation as soon as possible. The time is ripe to make proposal into law, and give the government and private sector the extra tools needed to fight those who would harm us.

[Schmidt is the Cybersecurity Coordinator and Special Assistant to the President]