President Unveils Sweeping Cybersecurity Initiative
Jan. 15, 2015
On Tuesday, President Obama unveiled a comprehensive package of cybersecurity legislation that offers incentives for private/public information sharing, criminalizes certain cybercrime-related activities and implements a national standard for breach notification. The cornerstone of the plan, which the White House hopes will curtail the incidence of data breaches, which exploded over the past year, is a program that would incentivize private companies to share information about threats to their networks with the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC). According to the proposal, companies that choose to share information could enjoy some protection from liability if their systems were breached.
While there has been some early pushback from privacy advocates, business groups are mostly hailing the President’s proposed legislation, including Arlington, Va.-based retailer group the Retail Industry Leaders Association (RILA).
“Collaboration between industry and government to share threat information is crucial in the fight against sophisticated and persistent cyber criminals,” said Nicholas Ahrens, vice president for cybersecurity and data privacy at RILA. “Retailers have made great strides setting up the Retail Cyber Intelligence Sharing Center (R-CISC) and facilitating threat information sharing, both within the industry and also with the government. We look forward to continuing to coordinate with the NCCIC in the fight to protect customers from cyber criminals.”
President Obama’s proposal also includes a National Data Breach Reporting component that requires companies nationwide to notify customers within 30 days of a breach. The proposal would preempt breach notification statutes in 46 states, unifying them into a national standard.
Finally, the administration’s plan would make selling botnets a criminal offense, as well as selling stolen U.S. financial information overseas. It also gives new life to a 2011 proposal that would classify cybercrimes as organized crimes that could be prosecuted under the Racketeer Influenced and Corrupt Organizations Act.