US government proposes legislative package to improve cyber security
The US government has proposed a legislative package that is designed to improve the country's and its citizens' IT security. The proposal is to substantially update and revise the existing legislation in such fields as data protection and infrastructure security as well as the sanctioning of offenders. It aims to improve the protection of consumer and government administration systems, and enhance infrastructure security, which is particularly important for the country's industry.
With these measures, US President Barack Obama is fulfilling the promise he made a year ago to make cyber space security a top priority. A fact sheet on the legislative package states that members of both parties in Congress have introduced approximately 50 cyber security bills in the last session of Congress. According to the fact sheet, these bills are a response to repeated intrusions into important systems and to a dramatic increase in cyber crime over the last decade. After reviewing the existing legislation, the US government reportedly identified a need to update this legislation in order to improve system protection. The new legislative proposal is to provide these improvements.
In the view of the US government, one of the current problems is that there are no clear guidelines concerning the assistance the Department of Homeland Security (DHS) can provide in the area of cyber threat analysis. "The lack of a clear statutory framework describing DHS’s authorities has sometimes slowed the ability of DHS to help the requesting organisation", the government stated in the fact sheet. Reportedly, the US government also wants to improve the sharing of cyber threat information with local governments and private businesses. Furthermore, it said that the operators of critical-infrastructure system must be accountable for their cyber security as such systems are increasingly connected to the internet.
The US legislators also want to ensure that consumers who are affected by a data breach must be informed about the leak by the company that suffered the intrusion. This is reportedly designed to make consumers more aware of potential threats and motivate companies to improve the security of their IT systems. The proposal sets out to simplify and standardise the existing patchwork of 47 US state laws that already contain such requirements.