White House Calls for New Cyber Watchdogs
The Obama Administration has released details about its legislative proposal that would authorize federal regulation of private sector cybersecurity. Key to its proposal for regulating the cyber-defenses of the financial, electric, transportation and other industries is that "each critical-infrastructure operator would have a third-party, commercial auditor assess its cybersecurity risk mitigation plans."
Under the White House proposal, the Department of Homeland Security would "work with industry to identify the core critical-infrastructure operators and to prioritize the most important cyber threats and vulnerabilities for those operators."
Many questions about the proposal remain to be answered. A few of the issues that require thorough ventilation include:
- Would identification of the "core critical-infrastructure operators" be subject to a notice-and-comment rulemaking subject to the "good government" laws including the Data Quality Act and Paperwork Reduction Act?
- Would development of the criteria that private sector security plans would have to meet be subject to the good government laws?
- What, if any, regulation would be imposed on hardware and software companies that develop and/or provide cybersecurity-related products and services?
- How would audit criteria be determined? How would plans be tested?
- What standards and licensing requirements would be applied to the cyber watchdogs that evaluate private sector cybersecurity plans?
The Center for Regulatory Effectiveness will continue reporting on federal plans to regulate private sector cybersecurity on its FISMA Focus Interactive Public Docket.
See FISMA Focus IPD