(Bloomberg) -- President Barack Obama on Tuesday sought to rally Congress to pass stalled U.S. cybersecurity legislation, an effort that may face obstacles as tensions with key Republicans quickly began to surface.
Obama announced revised legislation that would give companies legal protections for sharing information with the government about hacking threats that could help prevent attacks like the one that crippled thousands of computers at Sony Pictures Entertainment in November.
The problem is government and the private sector are not always working as closely together as they should, Obama said in remarks at the Homeland Security Departments National Cybersecurity and Communications Integration Center in Arlington, Virginia. Sometimes companies are reluctant to reveal their vulnerabilities.
While there is broad agreement that companies should be given legal protections for sharing threat data, Congress has failed to come to agreement on a bill during the last four years. It remains to be seen if recent cyberattacks will spur lawmakers to embrace Obamas new proposal, which the White House said would be sent to Congress.
Only a few hours earlier, Obama had met with leaders of the Republican-controlled Congress at the White House, where tensions emerged over unrelated legislation.
Obama, a Democrat, has singled out cybersecurity as an area for bipartisan agreement in a polarized political climate.
With the Sony attack that took place, with the Twitter account that was hacked by Islamist jihadist sympathizers yesterday, it just goes to show how much more work we need to do, both public and private sector, to strengthen our cybersecurity to make sure that the family bank accounts are safe, to make sure that our public infrastructure is safe, Obama said when he met with congressional leaders.
Republican Senator John Thune of South Dakota, the chairman of the Senate Commerce Committee who will be critical to passing legislation, said he welcomed Obama back to the discussion on cybersecurity.
Thune said he hopes Obamas actions on this critical subject match his rhetoric about working with Congress.
Obamas proposed legislation seeks to narrow what kind of data companies can share with the government and how it can be used in order to address privacy concerns, an administration official told reporters. The person spoke on condition of anonymity before the announcement.
Companies must take reasonable steps to remove personally identifying information and can only share technical indicators about hacking attacks, such as Internet Protocol addresses, routing data and time stamps, the official said.
In order to receive legal protections, the data must be shared with the Department of Homeland Securitys cyber center, the official said.
The administration wants to have information go directly to the DHS center rather than the National Security Agency. The move is intended to address privacy objections to the NSA obtaining unfettered data about activity on private networks in the U.S. Once the DHS gets the data, it can share it with other agencies, including the NSA, the official said.
The DHS may also pass the data to law enforcement agencies, the official said. Law enforcement could only use the data for certain purposes, such as investigating cybercrimes, threats to minors or crimes aimed at harming people.
The White House is laying out several cybersecurity priorities this week ahead of Obamas Jan. 20 State of the Union speech.
Obama on Jan. 13 asked Congress to enable law enforcement to better investigate, disrupt and prosecute cybercrime. The proposal calls for criminalizing the sale of botnets and stolen U.S. financial data such as credit card and bank account numbers. It would also authorize courts to shutter botnets involved in distributed denial of service attacks and other criminal activities.
The president called for updating the Racketeer Influenced and Corrupt Organizations Act to apply to cybercrime, setting penalties in line with other crimes. Obama also suggested Congress modernize the Computer Fraud and Abuse Act so that it can be used to prosecute insiders who misuse their access to information. The White House also plans to host a cybersecurity summit at Stanford University on Feb. 13.
Yesterday, Obama renewed calls for Congress to pass stalled legislation that would require companies that have consumer data hacked to notify customers who are at risk. Companies would have 30 days from learning of a breach to tell customers, according to the White House.
As far as strengthening cybersecurity, allowing companies to share information on cyber threats should be a no-brainer; the real issue is what else will garner bipartisan support, but the devil will be in the details, Robert Cattanach, a Minneapolis-based partner at the law firm Dorsey & Whitney LLP, said in an e-mailed statement.
As Obama was speaking about the other elements of his cybersecurity plans yesterday, hackers took over the Twitter and YouTube accounts of the U.S. Central Command, which oversees American military operations in the Middle East and North Africa. The White House said its looking into whos behind the attack while also downplaying its severity.
The House of Representatives passed a version of the information-sharing legislation in April 2013, however the Senate never took it up.
The White House had threatened to veto the House bill because it didnt have enough safeguards to ensure the personal information of Americans isnt inappropriately monitored.
Representative C.A. Dutch Ruppersberger, a Maryland Democrat who serves on the House intelligence committee, reintroduced the bill on Jan. 8 for the new Congress to consider.
Register or login for access to this item and much more
All Health Data Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access