White House Seeks Mandatory 3-Year Sentence for Critical-Infrastructure Hackers

White House Seeks Mandatory 3-Year Sentence for Critical-Infrastructure Hackers


A mandatory minimum three-year prison sentence is being sought by the White House against hackers who penetrate and cause considerable harm to critical infrastructure systems.

The Obama administration, in a legislative proposal it sent to Congress on Thursday, which outlines a lengthy but vague list of cyber-security provisions, is requesting the lawmakers to include the mandatory prison sentence in upcoming bills.

The list includes several changes to the laws that govern hacking, as well as laws granting authority to the federal government to help private companies secure their computer networks when asked to minimize threats.

A national data-breach law, which would help standardize patchworks of state laws and prod companies that run critical-infrastructure systems to create a security plan customized to shield against threats to their systems, is also being sought by the administration.

The plans would be subject for evaluation by an independent commercial auditor. The Department of Homeland Security would also be authorized to request modifications to the plans should the government finds them insufficient.

The government is also asking Congress to require critical infrastructure companies to immediately report any significant breaches to DHS and to provide them with immunity from civil lawsuits for sharing information with the government.

Critical-infrastructure systems are classified as those that control or manage systems that are vital to national security, economic security, national defense, public health or safety.

These include companies that are involved in the production and management of gas, oil, electricity and water, finance and banking systems, transportation systems and services, telecommunication networks, emergency services, and other government entities that provide critical services to the public.