President Obama today addressed cybersecurity for the second time in as many days in a speech at the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC). Early this morning, the White House announced a February 13 Summit on Cybersecurity and Consumer Protection and released further details on several initiatives to promote cybersecurity information sharing between the private sector and government. The President then convened a meeting with congressional leaders in which he discussed cybersecurity issues. Speaking about his cooperation with House Speaker John Boehner (R-OH) and Senate Majority Leader Mitch McConnell (R-KY), the President noted “I think we agreed that this is an area where we can work hard together, get some legislation done and make sure that we are much more effective in protecting the American people from these kinds of cyber attacks.” Today’s developments follow the President’s address to the Federal Trade Commission (FTC) yesterday, in which he announced a legislative proposal on national data breach reporting and emphasized the importance of student and consumer privacy. Together, these events provide a preview of initiatives that the President is expected to highlight during his State of the Union address on January 20.
- White House Summit on Cybersecurity and Consumer Protection. On February 13, the White House will host a summit at Stanford University to coordinate public and private sector efforts to ensure the security of American consumers from cyber attacks. The summit will convene a broad array of stakeholders, including senior officials from across the federal government, industry leaders, law enforcement officials, consumer advocates, technical experts, and students. Participants will focus on increasing public-private partnerships and cybersecurity information sharing, creating and promoting improved cybersecurity practices and technologies, and improving adoption and use of more secure payment technologies.
- Cybersecurity Information Sharing and Liability Protection. The Administration elaborated on its proposal to expand collaboration and information sharing between industry and government. The proposal encourages private sector organizations to share cyber threat information with the NCCIC, which will then disseminate that information in near real-time to both federal agencies and other industry stakeholders. The proposal also encourages the formation of Information Sharing and Analysis Organizations by providing targeted liability protection for companies that share information. Shared information could not be used for regulatory action and would not be subject to release under the Freedom of Information Act (FOIA), though law enforcement would have limited access to the data to pursue cyber-crimes, threats to minors or threats of bodily harm. The proposal does not provide further details on how these protections will be targeted, which has been a controversial topic among congressional Republicans. Finally, the administration proposes to require the Department of Homeland Security (DHS), in consultation with the Privacy and Civil Liberties Oversight Board, to develop receipt, retention, use, and disclosure guidelines for use throughout the federal government.
- Combatting Cybercrime. The President announced revisions to his Cybersecurity Legislative Proposal, originally published in 2011. Specifically, he recommended several tools to enhance law enforcement’s ability to investigate, disrupt, and prosecute cybercrime. These include measures that disrupt the sale of botnets, criminalize the overseas sale of stolen US financial information, and enable courts to shut down botnets engaged in criminal activity. The President also proposed updates to the Racketeering Influenced and Corrupt Organizations Act (RICO) and the Computer Fraud and Abuse Act (CFAA) to ensure that both statutes provide protections against cybercrime.
This week’s announcements build upon a series of high-level initiatives focusing on cybersecurity in recent years. In 2013, the President signed an Executive Order on Improving Critical Infrastructure Cybersecurity, which was followed one year later by the release of the NIST Framework for Improving Critical Infrastructure Cybersecurity. And in November 2014, the White House announced the BuySecure Initiative, intended to promote consumer financial protection and critical infrastructure cybersecurity.