Barack Obama's last effort to get some cybersecurity legislation through Congress stalled in 2011, when it successfully cleared the Republican-held House, but withered in the Senate. After some high-profile attacks on government social networking accounts, Sony and others, he's resurrecting those plans. It will be one of the many things the president discusses during his upcoming State of the Union address, but he is delivering a preview of those plans today in a speech at the Department of Homeland Security. Obviously many of the details will need to be worked out by Congress, but Obama is pushing for some liability protection for companies that quickly respond and share information about attacks. The White House says there will also be strict requirements for the protection of personal data.
Some of those protections for the consumer were already proposed on Monday, such as the creation of a federally mandated privacy standard and disclosure requirements for companies that fall victim to hacking. There is still some concern, though, about what the guidelines will look like regarding the collection, retention and sharing of data related to cyber threats. Especially when the government is still struggling to win back trust lost over the NSA scandal.
Much of today's proposals focus on beefing up law enforcement's abilities to investigate and prosecute cybercrimes, however. The president wants to give authorities the ability to prosecute for selling botnets, spyware and stolen credit card information -- even if those sales are overseas. He also wants to give courts the ability to shut down botnets, especially if they are used in a denial of service (DoS) attack designed to bring down a website or service. One thing that will not be allowed though, is for companies to retaliate on their own against those that attack them.
Lastly, Obama announced plans for a cybersecurity summit on February 13th, that will take place at Stanford University.
How these proposals shake out remains to be seen. With the opposition controlling both the House and the Senate, President Obama faces an uphill battle getting any legislation passed. Not to mention his track record on issues of cybersecurity and personal privacy is spotty at best. In addition to the ongoing NSA scandal, the White House appointed Michael Daniel as its Cyber Security coordinator, who has freely admitted to his lack of technical knowledge.
That being said, the administration has done quite a lot to strengthen the nation's digital defenses (and offenses) and the president has made it a focus of his time in office. In addition to creating rules of engagement and shifting both Homeland Security and Military resources to cyberprojects, he's also pushed to create a cybersecurity insurance market to help protect private industry from online threats.