Obama says hacks show need for cybersecurity law14 january 2015, 12:54
President Barack Obama said Tuesday the hacking of Sony and the Pentagon Central Command's Twitter feed highlight the urgent need to pass new cybersecurity laws, AFP reports.
"Cyber threats are an urgent and growing danger," Obama said as the White House unveiled a proposal to revive cybersecurity legislation stalled over the past few years.
"This is a matter of public safety of public health, and most of this infrastructure is owned and operated by the private sector. So neither government nor the private sector can defend the nation alone. It's going to have to be a shared mission -- government and industry working hand in hand."
Obama, who spoke at a Department of Homeland Security coordination center, has launched a fresh effort to persuade Congress to pass legislation to encourage better cooperation between the government and private sector, an effort stalled since his first proposal in 2011.
"With the Sony attack that took place, with the Twitter account that was hacked by Islamist jihadist sympathizers yesterday, it just goes to show how much more work we need to do... to strengthen our cybersecurity," the president said earlier in the day at a meeting with congressional leaders.
Obama said he had spoken to the Republican leaders of the House and Senate and added that "I think we agreed that this is an area where we can work hard together, get some legislation done and make sure that we are much more effective in protecting the American people from these kinds of cyberattacks."
The proposal unveiled Tuesday would allow increased sharing of information on cyber threats from the private sector with protection from liability. The measure also would make it illegal to sell stolen financial data, and require companies to notify consumers about data breaches.
The plan also would allow for the prosecution of the sale of botnets, and give more tools to law enforcement and the courts to crack down on the sale of stolen US financial information and spyware used to stalk or commit ID theft, according to the White House.
The proposal would shield companies from liability if they share information about cyber threats with the Department of Homeland Security, which has been setting up special units for threat analysis and sharing.
Earlier efforts on cybersecurity legislation have stalled amid opposition from civil libertarians who feared it could allow too much government snooping and conservatives who argued it would create a new bureaucracy.
A senior administration official said the latest initiative represents a more detailed effort to address privacy issues than in the past.
"What you see here is a refinement of our thinking in the privacy and the civil liberties space," the official said, adding that "we really have learned a lot in the past few years."
The official added that the plan calls for "targeted, narrow liability protection," that would require companies to take steps to protect privacy, such as removing any information that could identify individuals and adversely affect their reputation.
The concerns on cybersecurity have been heightened by the hacking of Sony Pictures and massive data breaches affecting retailers including Target and Home Depot.
On Monday, the US Central Command suspended its Twitter page after a group declaring sympathy for Islamic State jihadists hacked its social media accounts and posted internal documents.
Reacting to the proposal, Scott Belcher, chief executive of the Telecommunications Industry Association, welcomed the plan, saying it "will help arm businesses with more weapons to fight attacks and give them more freedom to pursue innovative and aggressive solutions."
But Amie Stepanovich at the digital rights group Access said any effort should be accompanied by reforms at the National Security Agency, whose vast data sweeping capacity has been disclosed in leaked documents.
"How about some NSA reform, you know, before we start looking at increasing personal info transferred to government," she said in a tweet.
Harley Geiger at the Center for Democracy and Technology said the plan "relies heavily on privacy guidelines that are currently unwritten" and argued that "privacy protections and use restrictions must be in effect before information sharing occurs."