Larry Clinton, ISA president and chief executive officer, said the proposal fails to take into account how cybersecurity threats have evolved over the past few years.
"They are fighting the last war. The model they are using for dealing with the private sector is largely antiquated", Clinton said on a yet-to-be-aired episode of C-SPAN's "The Communicators", according to a report by The Hill newspaper.
The Obama proposal would put the Department of Homeland Security in charge of developing cybersecurity regulation for critical infrastructure, including infrastructure run by the private sector. DHS would have the authority to develop and conduct risk assessments of private sector critical infrastructure.
"This is a punitive model where we're trying to blame the victims of the attack. I don't think that the administration's proposal really does anything that I can see to enhance cybersecurity….There's really no doubt that they have proposed here developing a fairly extensive regulatory structure and again that is precisely the opposite of what the president himself promised when he released the cyberspace policy review back in 2009", Clinton said in the interview.
Clinton called for incentives to improve private sector cybersecurity, such as liability protections, tax incentives, and the federal government programs to encourage firms to adopt better security practices. He also suggested streamlining federal regulations and giving the insurance industry a larger role in cybersecurity.