In a Speech Full of Proposals Most Pundits Say Can’t Pass Congress, President’s Historic Cybersecurity Push Clear Exception
After the State of the Union, analysts of every stripe concluded that most of the President’s agenda would pass the Republican-controlled Congress “when pigs fly.” However, on one issue, pigs have grown wings and are soaring. And that’s cybersecurity, where the President’s call had both Republicans and Democrats standing and applauding.
In his wide-ranging article on thehill.com, Cory Bennett describes the President’s measures for increasing cybersecurity, which Bennett noted, “easily surpassed any previous cyber mention in specificity, breadth and urgency.” The following has been excerpted from Bennett’s story and edited to fit our format. You may find the complete piece by clicking on this link.
High on national security priorities
[Cybersecurity] was the third issue Obama mentioned while discussing national security during the speech. The president also hit nearly every aspect of the new White House cyber agenda, which was rolled out last week.
Bipartisan standing ovation
“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids,” Obama said to a bipartisan standing ovation.
The administration’s legislative cyber proposals include measures intended to facilitate cyber threat information-sharing between the public and private sectors; to protect student data; to raise the punishments for cyber crime; and to create a federal breach notification standard and nationwide cyber defense standards.
“We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism,” Obama said.
Bully pulpit promotion
The security industry and privacy advocates alike appreciated the president using one of the country’s biggest bully pulpits to promote national awareness of cybersecurity, even if they quibble with the administration’s policy specifics.
Roughly 33 million viewers watch the State of the Union each year….
Republicans join in
“I welcome him to the conversation,” said Rep. Michael McCaul (R-Texas), chairman of the House Homeland Security Committee. “Confronting the cyber threat has been a priority of mine for the past 10 years.”
Attention now turns to those same lawmakers, as the White House looks for allies to introduce its legislative offerings.
“Tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information,” Obama said.
“That should be a bipartisan effort,” he added, going off script briefly.
Sen. Bill Nelson (D-Fla.), the ranking member on the Senate Commerce Committee, has already said he will introduce a data breach notification bill that closely resembles the White House proposal.
National breach notification proposed
It would require companies to notify consumers within 30 days that their information had been breached. Companies would also have to notify the government of certain breaches and adhere to cybersecurity standards set by the Federal Trade Commission.
Rep. Jim Langevin (D-R.I.), co-chair of the Congressional Cybersecurity Caucus, said after the speech that he will soon introduce a House version of the president’s data breach proposal.
“I am particularly excited to see cybersecurity come center stage in the State of the Union and in the public dialogue,” he added.
A bone of contention
The most contentious issue will be Obama’s proposal to enhance cybersecurity information-sharing between the government and private sector. The offering would provide limited liability protections for companies sharing cyber threat indicators with the Department of Homeland Security.
The measure has been at the top of industry group’s cyber wish list for years. But cybersecurity firms caution that a rushed, non-specific bill could prove ineffective. “How are you going to implement limited liability?” Cole wondered. “What does that mean?”
Privacy advocates worry those same vagaries could give the government another way to collect personal information on U.S. citizens. They’ve pushed for National Security Agency (NSA) reform to come before any cyber information sharing bill.
Increased transparency, but privacy advocates wary
Obama insisted he would not let NSA reform fall to the wayside. “While some have moved on from the debates over our surveillance programs, I haven’t,” he said. “As promised, our intelligence agencies have worked hard, with the recommendations of privacy advocates, to increase transparency and build more safeguards against potential abuse.”
Privacy advocates remained wary after hearing Obama’s remarks.
“It’s heartening that President Obama’s address focused on Americans’ privacy, but the only way to fulfill that promise is to pass surveillance reform before taking up cyber [info sharing] legislation,” said Robyn Greene, policy counsel for the Open Technology Institute.
Not all sunshine
Different committees have pushed their own sharing proposals, creating intra-party squabbles and jurisdictional turf wars. Key Democrats on cyber issues have also broken with the White House on their own cyber threat sharing bills.
Rep. Dutch Ruppersberger (D-Md.) recently reintroduced the Cyber Intelligence Sharing and Protection Act (CISPA), which would enable sharing between the private sector and the NSA, not the DHS.
Senate Intelligence Committee ranking member Dianne Feinstein (D-Calif.) was also a big proponent of a Senate version of CISPA last Congress.
Well some sunshine
The two recently installed chairmen on the Senate Intelligence Committee and Senate Homeland Security and Governmental Affairs Committee will play a big role in setting the legislative agenda. Both Intelligence Chairman Richard Burr (R-N.C.) and Homeland Security Chairman Ron Johnson (R-Wis.) have indicated they’re willing to work with the White House on a joint cyber proposal.
ThreatMetrix builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.
ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 850 million monthly transactions and protects more than 210 million active user accounts across 3,000 customers and 15,000 websites.
The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.
For more information, visit www.threatmetrix.com or call 1-408-200-5755.
Join the cybersecurity conversation by visiting the ThreatMetrix blog, Facebook, LinkedIn and Twitter pages.