The White House unveiled a set of cybersecurity proposals last week, including a suggestion that Congress pass a law giving private companies greater incentives to improve security. The proposed legislation would not impose strict new security requirements on companies--as some had feared--but it would enhance penalties for attacking computer systems.

The White House is also recommending that the Department of Homeland Security be given greater authority over private computer networks that it designates "critical infrastructure," report David E. Sanger and John Markoff at The New York Times. The agency would collaborate with financial firms, energy firms, water suppliers and other companies to determine which security threats are the gravest and to come up with ways to combat the threats. Companies would have to bring in an independent auditor to evaluate their security strategies, and those in the financial sector would have to submit their strategies to the Security and Exchange Commission.

The proposals also include a federal data breach notification law that would replace state notification laws already on the books.

As Computerworld's Jaikumar Vijayan points out, these proposals were not unexpected. They largely reflect debate that has endured for years on Capitol Hill as well as President Obama's National CyberSecurity Initiative, unveiled about two years ago.

"Congress, for instance, has been working on a data breach law to supersede state laws since 2004," said Richard Stiennon, an analyst at IT Harvest, adding that computer security collaboration between the government and private companies has been in place for years. "That's what US-CERT was set up for."

For more:
- see Sanger and Markoff's article at The New York Times
- see Jaikumar Vijayan's article at Computerworld
- see this FierceGovernmentIT article

Related Articles:
More sunlight needed on network security discussion
Would 'trusted identities' be trustworthy?
Expanded surveillance proposal raises security red flags-