In last week’s State of the Union address, President Obama called for a number of legislative actions related to cybersecurity. This is not surprising in light of the recent hacks of Sony, Target, and others. President Obama also called for cybersecurity legislation in the 2013 State of the Union address.
The White House proposals for 2015 include measures to address protection of networks, trade secrets, and individual privacy. Specifically,
“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information. If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe.”
In the run up to the State of the Union, the President supported the call for cyber threat information exchange between the private sector and the Department of Homeland Security via the National Cybersecurity Communications Integration Center (NCIC). This has been included in previous legislative initiatives from both ends of Pennsylvania Avenue. The challenges involved in this information sharing initiative are not technical but policy related. Private sector actors are worried about protection of their intellectual property and greater liability exposure from sharing internal data with the government. Privacy advocates are concerned that any personally identifying information or personal content that may be shared with the government will not be properly handled, retained, and destroyed. The White House proposals also included calls for a standard, national data breach disclosure law. At present this is handled by a collection of more than forty states and local laws. This increases the compliance challenge for businesses doing business in multiple jurisdictions.
It will be interesting to observe how the various proposals move through Congress over the next several months. Issues of net neutrality, privacy, and critical infrastructure protection have been introduced before but have largely failed to gain passage.