President Obama’s Four Big Cyber Security Priorities – and What He Plans to Do About Them

Though he didn’t speak on it for very long, President Obama made sure his State of the Union address Tuesday underscored the importance of increased cyber security in the future.

Following a year of high-profile attacks on Sony and Xbox, it’s no surprise that Obama felt the need to make cyber security a high-profile subject in this year’s address. It’s not a done deal, but Obama has made some proposals on moving forward that are receiving support on both sides of the aisle.

1. Improving consumer security
In his speech, President Obama urged Congress to “finally pass the legislation we need to better meet the evolving threat of cyber attacks, combat identity theft, and protect our children’s information.” To get the ball rolling, he had announced a measure a week earlier to help bolster the security of consumers online.

The plan, referred to as the Personal Data Notification and Protection Act, would establish a federal mandate for hacked companies to refer to in order to better notify customers of breaches, with a goal of notification within 30 days of discovery of the hack. And according to Boris Segalis, writer for Data Protection Report, it should have very little trouble gaining traction in Congress:

The President has recognized that the patchwork of state laws is confusing for consumers and costly to comply for businesses. As an issue of information security, there is no reason why Congress and the President can’t find consensus on breach response laws. Both parties agree that personal information must be secured and that consumers, no matter in which state they reside, should be notified of incidents in accordance with a single standard. As a practical matter, in the current environment of dozens of state laws, when large breaches affect individuals across the US, businesses often notify affected individuals in accordance with most restrictive applicable state law. This approach may be counterproductive by encouraging over-notification and thus desensitizing consumers to breaches. This is a problem that has been documented and recognized by businesses and regulators, including the California Attorney General. All of these considerations lend support to an appropriate, reasonable and balanced national standard for breach response.

As part of this plan, Obama announced that several companies had joined the list of places where consumers could get free credit scores. He also hopes to establish a Consumer Privacy Bill of Rights, in order to create an enforceable code of conduct for consumers to refer to.

2. Improving law enforcement’s ability to mobilize
Though Obama knows that the face of cyber threats is ever-evolving, he does hope to increase the ability of law enforcement to investigate and prosecute cyber criminals. As part of this, Obama has proposed to further incentivize private companies to share information about leaks with the federal government, specifically Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC).

The exact framework of the President’s proposal isn’t known yet, but Paul Otto of Chronicle of Data Protection says it’s going to be hard to get it past Republicans:

The proposal also encourages the formation of Information Sharing and Analysis Organizations by providing targeted liability protection for companies that share information. Shared information could not be used for regulatory action and would not be subject to release under the Freedom of Information Act (FOIA), though law enforcement would have limited access to the data to pursue cyber-crimes, threats to minors or threats of bodily harm. The proposal does not provide further details on how these protections will be targeted, which has been a controversial topic among congressional Republicans. Finally, the administration proposes to require the Department of Homeland Security (DHS), in consultation with the Privacy and Civil Liberties Oversight Board, to develop receipt, retention, use, and disclosure guidelines for use throughout the federal government.

3. Better guarding of student data
In his speech a week ago, Obama noted that part of his ConnectED Initiative, which seeks to connect 99 percent of students in the U.S. to high-speed Internet, has also opened the door for educational technologies that collect information about the kids who use them.

Enter the Student Digital Privacy Act, which would ensure that “data collected on students should only be used for educational purposes–to teach our students, not to market to our students.” Essentially, his plan would be modeled on a similar California bill, and would prohibit companies from selling students’ data to unrelated services, like targeted ads. It would allow students’ data to be used for research, however.

4. Continue to pare down on domestic surveillance
Obama noted, in his final moment on cyber security during the State of the Union, that he would be announcing updates on how intelligence agencies would be working against abuse of domestic surveillance systems:

So while some have moved on from the debates over our surveillance programs, I haven’t. As promised, our intelligence agencies have worked hard, with the recommendations of privacy advocates, to increase transparency and build more safeguards against potential abuse. And next month, we’ll issue a report on how we’re keeping our promise to keep our country safe while strengthening privacy.

These proposals are far from finalized, and some will likely face opposition. Some, like the Electronic Frontier Foundation, have called Obama’s proposals “outdated” and “awfully similar to the now infamous CISPA,” but other cyber experts couldn’t be more thrilled. For now we’ll have to wait until next month to find out what’s happening for sure. But Matthew S. Adams of The E-Discovery Stage has hope for a bipartisan front against cyberterrorism:

There were certainly no 5 point plans part of this portion of the address. However, the reaction to the President’s remarks on strengthening the nation’s cyber defense could provide some insight into the legislative will of Congress to turn the President’s proposals into law. Both sides of the aisle appeared on board with the concept that it is time to treat cyber security like the threat that we know it to be. Given the theatrics that accompany who applauds what during the State of the Union, we may very well be on our way to new law in this area.
