Highlighting the importance of cybersecurity in a time of data breaches and cyber attacks that have compromised our national security, privacy, economy, and businesses, President Obama incorporated cybersecurity issues in his recent State of the Union address. He stated:
No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism.
Referencing recent proposed legislation and policy initiatives, he continued:
I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyberattacks, combat identity theft, and protect our children’s information. If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe.
While the President did not lay out the details of the legislation, his speech came on the heels of a busy two weeks during which the White House announced various policy initiatives and legislatives proposals, including:
• increasing the sharing of cybersecurity information between the government and private companies and granting corresponding liability protections to the disclosing companies;
• bolstering law officials’ ability to investigate and prosecute cybercriminals, including by introducing new penalties for cyber criminals;
• streamlining data breach notification laws; and
• establishing a federal standard for hacked companies to disclose breaches to employees and consumers who may be affected.
Now that all eyes are watching, attention will focus on efforts by legislators, industry groups, and privacy and consumer advocates to strike a balance among the competing interests that will be impacted. For example, certain industry groups have pushed for the liability protections that the President’s information-sharing proposal provides; however, these same groups have balked at the breach reporting requirements as overly burdensome. Similarly, privacy groups maintain that Congress must first reform the National Security Administration (“NSA”) before considering cyber information-sharing legislation, so that the information-sharing proposal does not create another means for the NSA to collect Americans’ personal information.
Stay tuned as these issues unfold…