Compliance and the new undetermined cybersecurity law
It's unclear exactly how the emerging government push to strengthen cybersecurity across industry, government, and everyone in between will ultimately play out. We're still not sure what the final rules will be.
About 50 cybersecurity measures were introduced in Congress last session. Most will not pass. But we're certainly seeing some consensus form around the idea of better protection of energy and utility companies, as well as other infrastructure companies. These companies stand to be the most affected.
According to a White House fact sheet, companies will be asked to "develop their own frameworks for addressing cyberthreats. Then, each critical-infrastructure operator would have a third-party, commercial auditor assess its cybersecurity risk mitigation plans."
Companies that are already required to report to the SEC would have to certify that their plans are sufficient. A summary of the plan would be made publicly available.
For companies in need of remedial work, DHS, working with the National Institute of Standards and Technology, could modify the framework and shore up plans that are deemed insufficient by auditors. The administration's proposal also provides for more support when breaches occur.
We'll also likely see federal law pre-empt about 47 state laws, and we'll likely see stepped-up enforcement. It's possible that RICO statutes will be increasingly used in such investigations.