In his 2015 State of the Union address, President Obama pushed Congress to bring cybersecurity legislation to fruition in order to combat emerging attacks against the nation.
On Tuesday night, the President delivered a short, but pointed, message to lawmakers on the issue as he laid out a larger national agenda.
“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids,” Obama said in his address. “We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children's information.
“If we don't act, we'll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe,” he said.
Obama's call to “finally pass” data security legislation, as well law that would defend entities against cyber attacks, follows his attempts last week to jump-start the legislative process for a federal data breach statute enforcing a 30-day notification requirement from the discovery of a breach.
Already, Sen. Bill Nelson, D-Fla., has announced that he is in the final stages of drafting the Data Security and Breach Notification Act of 2015, which would invoke the 30-day reporting standard, if passed, and prevail over varying state data security and breach notification laws.
Following the late 2014 attack on Sony Pictures Entertainment, Obama has increasingly addressed the need to thwart cyber attacks against the nation. And in early January, he imposed sanctions against North Korea, which the U.S. government has attributed the Sony attacks to.
For some IT security practitioners, the President's inclusion of cybersecurity issues in the State of the Union speaks volumes of the importance the topic increasingly commands among policy makers.
In a Wednesday interview with SCMagazine.com, Amit Yoran, president of RSA, said that “anytime you get the president of the United States talking about cybersecurity, it is a statement about the importance of cybersecurity on the world stage.
“It plays a critical role in our modern, interconnected, global economy. And it's important that the President spoke to it and speaks to it,” Yoran said. “It is appropriate that it has his attention, and beyond State of the Union, that there's real concern at the senior-most levels of government and at corporations about cybersecurity and what folks need to do about it."
In the midst of the White House's appeals for bipartisan cybersecurity efforts, privacy advocates at the Electronic Frontier Foundation (EFF) remind the public that IT security should, not only be on lawmakers' agendas, but in such a way that past missteps aren't rehashed for the sake of introducing legislation.
Last week, for instance, the White House published a legislative proposal (PDF) to amend the Computer Fraud and Abuse Act (CFAA) – a federal anti-hacking law criticized for being outdated and leading to aggressive prosecution against individuals, like computer programmer and activist Aaron Swartz, who committed suicide in January 2013.
In a blog post, EFF senior staff attorney Lee Tien and legislative analyst Mark Jaycox, said that President Obama's proposed cybersecurity bill looked “awfully similar to the now infamous CISPA (with respect to information sharing), a computer crime bill that is opposite of [EFF's] own proposed computer crime [CFAA] reform, and a data breach law weaker than the current status quo,” which includes existing breach notification law in California.
“All three of the bills are recycled ideas that have failed in Congress since their introduction in 2011. They should stay on the shelf,” Tien and Jaycox argued.
Derek Manky, global security strategist at Fortinet, told SCMagazine.com in a Wednesday interview that “sometimes there can be political complication in seeing these things through,” as it pertains to effective cybersecurity legislation.
He added, however, that the attention to improving our cyber defenses and practices, as a nation, in the SOTU address “underscores the importance of cybersecurity and that it is on the agenda.”
“I think it's a great thing,” Manky added later. “We can't sweep these things under the rug. We have to put everyone on the same playing field.”