http://online.wsj.com/article/SB10001424052748704681904576319613484927634.html

MAY 12, 2011

White House Cybersecurity Plan Boosts Chances of Bipartisan Bill

By SIOBHAN GORMAN

WASHINGTON--The White House unveiled a far-reaching cybersecurity plan Thursday that largely endorsed the leading proposal on Capitol Hill, boosting the chances Congress will enact a new security regime for companies that run key elements of the nation's infrastructure.

The proposals aim to close security gaps in the networks that run critical infrastructure including the electric grid, the financial sector, and transportation, which have been repeatedly penetrated by hackers. The administration is also working on new policies governing military and foreign-policy aspects of cybersecurity threats, people familiar with those discussions said.

Thursday's announcement lifts a major obstacle for the bipartisan bill. Lawmakers have been waiting to proceed since August in anticipation of White House input. Passage will depend on how quickly Senate Majority Leader Harry Reid (D., Nev.) can pass his proposal and whether the House can develop and approve a comparable bill.

The framework, in a bid to appease companies, tries to strike a delicate balance between securing critical networks while not dictating security measures for the private sector. Under the proposals, companies would have considerable leeway to draw up new cybersecurity plans and measure their success at meeting them.

"We don't believe the government has all the answers here," said a senior Homeland Security official.

Industry groups voiced initial support for the White House plan. The U.S. Chamber of Commerce praised the proposal as "the latest in a series of important actions" by the White House on cybersecurity.

Critics said the White House proposal, in trying to please business interests, doesn't do enough to require companies step up their computer security. "The administration's proposal shows no sense of urgency," said Stewart Baker, a former senior official at the National Security Agency and the Department of Homeland Security in the Bush administration. "It tells even critical industries on which our lives and society depend that they will have years before anyone from government begins to evaluate their security measures."

The administration proposal would also establish reporting requirements for computer-security breaches in an effort to standardize the 47 different state laws that currently govern this area.

Because the White House proposal tracks the leading cybersecurity bill on Capitol Hill, lawmakers largely threw support behind it. Mr. Reid said the White House proposal would be an "important part" of his effort to pass cybersecurity legislation this summer, and the top two senators on the Homeland Security committee called it a "welcome and necessary" addition.

Some lawmakers in both parties, however, expressed frustration at the lagging pace of White House action on cybersecurity. "The administration has moved slowly" to implement cybersecurity reform proposals, said Rep. James Langevin (D., R.I.).

White House spokesman Nicholas Shapiro said time was required to allow for a "careful and deliberate effort to strike the proper balance of security and market ingenuity."

The White House proposal differs from the Senate bill in a few different ways that are likely to provoke some debate on Capitol Hill. The Senate seeks to establish a more muscular White House cybersecurity office in statute, while the White House leaves defining that role to the president.

Debate is also expected over whether the president should have additional authority to respond to an emergency cyber attack. The White House proposal doesn't include new presidential emergency powers.

Write to Siobhan Gorman at siobhan.gorman@wsj.com