White House Watch - Full Article

Obama’s Cybersecurity Initiative: Substance? Or Hot Air?

Success of the President’s proposed cyber legislation hinges on the willingness of corporations to share their data with the government.  But why would a company want to share data with the government?

While the Sony hack was shocking to most, it’s unlikely that corporations will be willing to trust the government with their customers’ most sensitive data. For one, businesses owe a duty to their customers to maintain their data in accordance with their agreements with and expectations of their customers. Also, despite billions of dollars in funding, the federal bureaucracy has failed to meet its own federal cybersecurity standards. Using data from the General Accounting Office, George Mason University researchers found that there were more than 5,503 cyber-breaches on federal IT systems in 2006, and 61,213 cyber-breaches in 2013.

Since 2002, the federal government has had its own legislation similar to the one proposed by the President last week, and despite $78.8 billion in funding, the number of IT security breaches has increased more than 10 times since 2006. Critics argue criminalizing cybercrime will not prevent what Americans fear – industrial espionage and overseas hackers.

Summary of President’s proposal:

1. Cyber information sharing between private sector and government, with liability protection for companies

2. Expanding RICO to include cyber-crime

3. Criminalizing the sale of botnets and the sale of banking information overseas

4. Greater restrictions on selling spyware

5. Giving courts the authority to shut down botnets engaged in distributed denial of service attacks and other criminal activity

6. Making rogue insiders punishable by the CFAA (Computer Fraud and Abuse Act)

7. Uniform national data breach notification, within 30 days of attack

8. Establishing a consumer policy bill of rights

Additionally, critics argue that the law could hinder U.S. internet users who have no intention of committing cybercrimes but who may be out of compliance with a U.S. judgment in an effort to debilitate cybercrime. What is lacking from this bill is a mechanism that actively seeks out global cyber threats, and while the new legislation may rein in domestic cybercriminals, it does nothing to relieve our increasing threat: rapidly emerging economies with no form of legal redress for victims of cybercrimes. Despite bills that promise to rein in cybercriminals, it remains incumbent on companies to strengthen their own defenses.
