On January 20, 2015, President Obama addressed a joint session of the United States Congress to deliver his 2015 State of the Union address. The President identified cyber security as one of the national defense priorities by saying:
“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids…If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe.”
Although the President called for cyber security legislation in 2013, this year’s remarks were significantly more detailed and had increased urgency.
The President went on to say that he would be proposing legislation to Congress in hopes of better protecting companies and consumers against cyber threats. The proposed legislation will include:
- Enabling cyber security information sharing. This legislation is intended to encourage companies to share cybersecurity information with the government while protecting privacy. The proposal would have the private sector share cyber threat information with the U.S. Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC), which would then share it with relevant federal agencies and with private sector-developed and operated Information Sharing and Analysis Organizations (ISAOs). The proposal also includes provisions to provide private sector companies with limited liability and also requires that all personal identifying information be stripped from the information shared with the government. This information-sharing proposal is not necessarily new and past efforts have been derailed due to concerns around liability and privacy.
- Modernizing Law Enforcement Authorities to Combat Cyber Crime. This legislative proposal would change existing laws to allow for the prosecution of the sale of botnets. It would also criminalize the overseas sale of stolen U.S. financial information like credit and bank account numbers, would expand federal law enforcement authority to deter the sale of spyware, and would give courts the authority to shut down botnets involved in criminal activity.
- National Data Breach Reporting. Finally, the President proposes to establish a national standard for companies to notify employees and customers about security breaches. Currently, a patchwork of 46 individual state laws and those of the District of Columbia and several U.S. territories protect consumers and require different levels of reporting and action for those companies experiencing a breach.
In addition to these legislative proposals, the White House hosted a Summit on Cybersecurity and Consumer Protection at Stanford University on February 13, 2015. They will provide $25 million in grants, through the U.S. Department of Energy, to 13 historically black colleges and universities and two national laboratories to support a cybersecurity degree consortium.
Although many barriers exist to the adoption of these proposals, 2015 should see significant efforts by Congress and federal agencies to combat the growing cyber threat.
Further details on the President’s cybersecurity initiatives can be found at http://www.whitehouse.gov/the-press-office/2015/01/13/securing-cyberspace-president-obama-announces-new-cybersecurity-legislat.