The White House has formally unveiled its anticipated cybersecurity legislative proposal. As expected, a key component of the plan is authority to regulate the cybersecurity defenses of major industries, including the financial industry, the power grid and transportation networks.
As the White House explains, the thrust of the private sector regulatory proposal would involve the use of third-party certification of cybersecurity plans.
Critical infrastructure operators would develop their own frameworks for addressing cyber threats. Then, each critical-infrastructure operator would have a third-party, commercial auditor assess its cybersecurity risk mitigation plans. … In the event that the process fails to produce strong frameworks, DHS, working with the National Institute of Standards and Technology, could modify a framework. DHS can also work with firms to help them shore up plans that are deemed insufficient by commercial auditors.
See, White House Cybersecurity Legislative Proposal.
See, White House draft bill expands DHS cyber responsibilities