The White House has issued a cybersecurity legislative proposal (the “Proposal”) aimed at improving cybersecurity for American consumers, the U.S. critical infrastructure, and the Federal Government’s own networks and computers. In issuing the Proposal, the White House stated that the U.S. critical infrastructure, such as the electricity grid, financial sector, and transportation networks, have suffered repeated cyber intrusions, and that cyber crime is on the rise. According to the White House, “cybersecurity vulnerabilities in our government and critical infrastructure are a risk to national security, public safety, and economic prosperity.”
Key provisions of the Proposal include:
- national data breach reporting requirements that would replace the varying notification requirements currently imposed by 46 states and the District of Columbia;
- clarified and increased penalties for computer criminals, including mandatory minimum penalties for cyber intrusions into the critical infrastructure;
- new requirements on critical infrastructure operators to develop cyber risk mitigation plans, which would be subject to assessment by external auditors and to certain transparency requirements and cooperation with the Department of Homeland Security (the “DHS”); and
- increased communication and cooperation between the DHS and businesses and state and local government (i) allowing the DHS to provide better and quicker assistance to businesses and state and local governments; and (ii) providing immunity to businesses sharing information about cyber threats to the Federal Government.
The Proposal seeks to ensure that the new requirements would not impinge upon individual privacy and civil liberties.
To view the Fact Sheet issued by the White House regarding the Proposal, click here. We will continue to monitor the progress of the Proposal and provide updates on InsureReinsure.com.