WASHINGTON (AP) - Companies that run critical U.S. industries such as power plants would get government incentives to make sure their systems are secure from computer-based attacks, the White House said Thursday, detailing its broad proposal to beef up the country's cybersecurity.
The approach is similar to congressional legislation already in the works, but some criticized it as being too weak Thursday, while the business community said it preferred a voluntary program rather than government mandates.
Under its proposed legislation, the White House would give the Department of Homeland Security the authority to work with industry to come up with ways to secure their computer systems and protect against cyber threats. If a company fails to do so, or comes up with an inadequate plan, DHS would be able develop its own security framework for that firm.
The proposals reflects the broad understanding that any more stringent regulatory system - such as the one that controls safety at nuclear power plants - would get little support, and business groups have been lobbying strongly for as much of a voluntary program as possible.
The government should encourage the private sector to voluntarily adopt security standards, and "avoid a one-size-fits-all, mandated approach to cybersecurity," said Phil Bond, president of TechAmerica, which represents about 1,200 companies.
But critics say the White House approach has little teeth.
"The Administration's proposal shows no sense of urgency," said Stewart Baker, a former senior Homeland Security official. "It tells even critical industries on which our lives and society depend that they will have years before anyone from government begins to evaluate their security measures."
Under the administration's proposal, an independent group would evaluate the security plans. And the DHS could use that evaluation as it makes purchasing decisions, thus potentially rewarding companies who take strong measures to secure their networks from intrusions.