President Barack Obama’s renewed push this week to protect U.S. computer networks from hacking was welcomed by industry leaders, though it lacks the financial incentives companies have been seeking.
Following corporate data breaches of companies including Sony Corp. and Target Corp., Obama today in a speech at the Federal Trade Commission will outline a cybersecurity and identity theft program he plans to highlight in his State of the Union address. The White House released a fact sheet today detailing the plans and saying most people in the U.S. think their personal data isn’t safe online.
“The notion that cybersecurity is going to be a prominent feature in the president’s State of the Union address is a big deal,” Larry Clinton, president of the Internet Security Alliance, which represents technology and manufacturing companies, said in a telephone interview today. “We think a lot more needs to be done.”
Most of what Obama will propose isn’t new. He’ll renew calls for Congress to pass stalled proposals, such as a federal data-breach notification law and legislation giving companies legal protections for sharing information about hacking threats with each other and the government.
However, the concerted push has given industry officials who support the proposals reasons to be optimistic that they will finally be implemented, potentially setting the stage for even more progress this year.
While praising Obama’s effort, Clinton said the administration could do more by providing incentives for companies that adopt the best cybersecurity practices. Incentives could include lessening regulations or giving companies preferences when it comes to winning government contracts, he said.
“The administration has been reviewing these for quite a while now and we are hopeful they will be coming out with a proposal of their own in that direction fairly shortly,” Clinton said.
Last February, the Obama administration announced standards that companies can voluntarily follow to defend their networks from hackers. Industry groups have said the standards are good but fall short without incentives. The administration and companies have since been working on developing them.
Obama will propose legislation today that would require companies that have consumer data hacked to notify customers who are at risk. It would also criminalize the overseas trade in fraudulent identities. Companies would have 30 days from learning of a breach to tell customers.
Obama’s proposal is supported by companies because it will provide a single federal data-breach standard that preempts different and conflicting state laws, Clinton said. However, the threshold for what constitutes a breach required to be reported could become a thorny issue as Congress works out the details.
“If you do too much reporting, consumers respond negatively to it and you don’t really achieve your goal,” he said. “Congress will clearly need to be wrestling with it and refining it.”
The cybersecurity plans are the latest in a series of domestic policy priorities Obama is laying out ahead of his Jan. 20 State of the Union speech to Congress. Last week, he traveled to Detroit, Phoenix and Knoxville, Tennessee, to talk about the U.S. auto industry recovery. He also took steps to spur growth in the housing market for low-income buyers and promised free community college to qualified students.
Obama will travel to the Homeland Security Department’s National Cybersecurity and Communications Integration Center in the Washington suburbs on Tuesday where he will propose legislation that would give companies legal protections from lawsuits when they share information with each other and the government.
Congress has failed to come to agreement on a bill during the last four years. The House passed a version of the legislation in April 2013, while the Senate never took it up.
The White House had threatened to veto the House version because it didn’t have enough safeguards to ensure the personal information of Americans isn’t inappropriately monitored. Representative C.A. ’’Dutch’’ Ruppersberger, who serves on the House intelligence committee, reintroduced the bill on Jan. 8 for the new Congress to consider.
“Most recently, Sony was hit by a severe cyber-attack by North Korea - the first destructive attack we’ve seen yet and it cost the company millions of dollars,” Ruppersberger said in a statement. “We must stop dealing with cyber-attacks after the fact.”
Obama is expected to renew his call for the legislation with additional privacy protections.
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access