Obama pledges to push cyber security reforms

In his State of the Union address, the US president pledges to urge Congress to pass legislation to improve US cyber security

In his State of the Union address, US president Barack Obama has pledged to urge Congress to pass a raft of legislation aimed at improving US cyber security.

In recent days he has outlined several key proposals, but did not make specific mention of any of them or add any details in his speech.

In a speech at the US Federal Trade Commission on 12 January, Obama outlined proposals for a single data breach notification law for all US states that will require companies to alert customers within 30 days of discovering a security breach of customer data.

He also outlined proposals aimed at improving student data protection. The Student Digital Privacy Act is aimed at stopping companies from selling student data to third parties for non-educational purposes.

In other speeches in the run-up to the State of the Union address, Obama outlined proposals on information sharing between private companies and the government, and increased penalties for violations of the Computer Fraud and Abuse Act.

“We’re looking beyond the issues that have consumed us in the past to shape the coming century,” Obama said in his State of the Union address on 20 January.

“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids,” he said.

Obama said the US is making sure the government integrates intelligence to combat cyber threats in the same way it has done to combat terrorism.

“And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber attacks, combat identity theft and protect our children’s information.

“If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe,” he said.

Obama also pledged to protect “a free and open” internet and to extend its reach to every classroom and every community.

He said he would help build the fastest networks, so that the “next generation of digital innovators and entrepreneurs have the platform to keep reshaping our world”.

Cyber security proposals welcomed

Although Obama’s proposal to toughen up on Computer Fraud and Abuse Act violations has raised concerns among some civil liberties and security experts, his proposals have mostly been well accepted.

Global software industry group, BSA – The Software Alliance, welcomed the policy priorities announced by Obama. 

In his address the president touched on key priorities outlined in BSA’s 2015 Legislative Agenda released last week, including trade, innovation and the digital economy.

“More than ever before there is a clear need for strengthening our nation’s cyber security. We welcome President Obama’s efforts and those of Congress to increase the partnership and collaboration between industry and government,” said Victoria Espinel, president and chief of BSA.

“This approach will allow us to better identify and defend against the increasing number of sophisticated, evolving cyber security threats,” she said.

Marc Gaffan, chief of security firm Incapsula, welcomed Obama’s focus on securing cyberspace from hackers and creating harsher legal penalties for those engaging in malicious activity online.

“Recently, we have watched cyber criminals not only engage in more complex attacks, but also seen the proliferation of hacking guns for hire.

“Creating legislation that clearly states the illegality of selling botnets will combat the exponential growth of malicious bots trolling the internet, which by our own research makes up 30% of all web traffic,” he said.

Gaffan also said there was “great potential” in allowing courts to shut down bots engaged in distributed denial of service (DDoS) attacks and other illegal activity.

“These types of attacks cost businesses an average of $500,000 in damages, and as we saw recently with the Sony hack, organisations under attack are largely helpless in protecting themselves once their network has been breached,” he said.  

Chris Roberts, vice-president public sector at Good Technology, said the company welcomed the focus on improving cyber security by the US, UK, France and Germany.

“It’s our hope that legislation will provide law enforcement and intelligence agencies with the tools to aggressively combat cyber criminals, terrorists and cyber vandals.

“Our hope is that legislation designed to make citizens safer does not weaken law-abiding individuals, companies or organisations' ability to protect themselves and their data from those who wish to exploit it,” he said. 

Digital freedom concerns

However, not all security industry responses were positive. Sean Sullivan, security advisor of F-Secure, predicts that sections 215 and 206 of the US Patriot Act and section 6001 of the Intelligence Reform and Terrorism Prevention Act will be re-authorised before their 1 June 2015 expiration date.

“Post-Snowden, it appeared as though the controversial provisions might lack the political support needed to avoid sunset. But now, we are confident that Washington DC will act to protect itself from 'nation state cyber-terrorism' and will renew them after all. Don't expect reform in 2015. The violation of your digital freedom will continue,” he said.

3 comments

It's interesting that this comes up in light of the NSA fundings in the Patriot act in the last week. When I read this, I often wonder: improve (for whom)? For businesses? For citizenry consumers? For Providers? For Government Agencies? I know it's still important to keep our own country safe from cyber agents, this is a problem for sure, but how much attention on this is actually against foreign actors I wonder?

Common sense. That's all this is. It's from the 2015 State of the Union and it's a continuation of President Obama's efforts to keep our government and citizenry safe. Cyber security is a watch phrase and has been around for this President's entire stay in office. I think it's a good plan and if there's a way to keep our data safe and educate our citizens, I'm all for it. *This isn't old news, but it's not 'breaking news'. I think we just need to continue our pattern of data security and make endeavors like this common - no matter who is in office. Your thoughts?

So what's he going to do to help? Let's see, looking back several decades we already know what we need to do to secure our computers, networks, and sensitive information.

Many iterations of "cybersecurity" bills have failed to pass for years now thanks to people speaking up for what they believe in.

InfraGard has been around since 1996 "serving as a public-private partnership between U.S. businesses and the Federal Bureau of Investigation." I served as an officer on a local board for InfraGard and witnessed how that worked out.

Companies, by and large, don't want to share information on breaches and other network events nor do they want to be told how to operate.

I suspect once government regimes, such as this one, make it imperial law that information must be shared, government must secure everything, and so on, we'll have "cybersecurity" for everyone. More government smoke and mirrors.

This is a continued play for government bureaucrats attempting to take (further) control of the free market. Sure, many can claim that it's in the name of "national security", the "economy" or whatever. Still, time has painted the picture of how that whole we're doing it for the greater good thing has worked out.

We don't need more security rules, laws, executive orders/dictates...we need more discipline to do what we know needs to be done.