President Obama is poised today to introduce new proposals to protect U.S. businesses and the government from cyber-attacks—including increasing the prosecution of crimes conducted through computer networks and toughening penalties for them, the White House announced. Under the steps to be outlined by the president, companies that share information about cyber-threats with the government would be shielded from liability, according to a description of the proposals provided by the White House.
“If we’re going to be connected, then we need to be protected,” President Obama says.
President Obama is scheduled to promote the initiatives, which would need congressional approval, at an afternoon appearance at the National Cybersecurity and Communications Integration Center.
“Today, at a time when public and private networks are facing an unprecedented threat from rogue hackers as well as organized crime and even state actors, the president is unveiling the next steps in his plan to defend the nation’s systems,” the White House said in a statement.
The measure Mr. Obama is proposing would encourage companies to share cyber-threat information with the Department of Homeland Security’s National Cybersecurity and Communications Integration Center, which would swiftly pass it on to other government agencies and industry groups being set up to help monitor and disrupt attacks. Companies would get “targeted liability protection” for doing so, the White House says, as long as the companies took steps to protect consumers’ personal information.
In addition, President Obama’s plan also “would allow for the prosecution of the sale of botnets, would criminalize the overseas sale of stolen U.S. financial information like credit card and bank account numbers, would expand federal law enforcement authority to deter the sale of spyware used to stalk or commit ID theft, and would give courts the authority to shut down botnets engaged in distributed denial of service attacks and other criminal activity,” according to the statement.
A focus on cyber-security isn’t new. Indeed, President Obama has tried for three years to persuade Congress to pass a cybersecurity bill. However, earlier efforts on such legislation stalled amid opposition from civil libertarians who feared it could allow too much government prying, and from conservatives who argued it would create a new bureaucracy. Administration officials hope that the severity of the Sony attack and the recent hacking of numerous retailers will change the political situation—although President Obama does face a Congress controlled by Republicans.
Nonetheless, initial reactions from some companies that would be affected was positive. Nicholas Ahrens, vice president for cybers-ecurity and data privacy at the Retail Industry Leaders Association, says in a New York Times article today that retailers had already set up a cyber-intelligence sharing center and would continue to coordinate with U.S. cyber-crime officials.
“Collaboration between industry and government to share threat information is crucial in the fight against sophisticated and persistent cyber-criminals,” Ahrens says in a statement, the New York Times article reports.
Be all of that as it may, privacy groups are expressing concern. The Electronic Frontier Foundation, for instance, has questioned the proposed legal immunity, arguing existing rules allow companies to coordinate efforts sufficiently already and challenging a potential provision that may allow the Homeland Security Department to share data in “near real time” with the NSA, FBI and Secret Service, reports an article on The Guardian.
White House officials insist the proposed information-sharing system would not put privacy at risk because the disclosed information will principally concern the method of attack on computer data and systems, rather than the content itself.
What are your thoughts on cyber-attacks? Should the U.S. government be able to use information about attacks to hopefully prevent other attacks?