President Barack Obama sought to rally Congress to pass stalled U.S. cybersecurity legislation, an effort that may face obstacles as tensions with key Republicans quickly began to surface.
Obama announced revised legislation Tuesday that would give companies legal protections for sharing information with the government about hacking threats that could help prevent attacks like the one that crippled thousands of computers at Sony Pictures Entertainment in November.
“The problem is government and the private sector are not always working as closely together as they should,” Obama said in remarks at the Homeland Security Department’s National Cybersecurity and Communications Integration Center in Arlington, Virginia. “Sometimes companies are reluctant to reveal their vulnerabilities.”
While there is broad agreement that companies should be given legal protections for sharing threat data, Congress has failed to come to agreement on a bill during the last four years. It remains to be seen if recent cyberattacks will spur lawmakers to embrace Obama’s new proposal, which the White House said would be sent to Congress today.
Only a few hours earlier, Obama met with leaders of the Republican-controlled Congress at the White House, where tensions emerged over unrelated legislation.
Sony, Twitter
Obama, a Democrat, has singled out cybersecurity as an area for bipartisan agreement in a polarized political climate.
“With the Sony attack that took place, with the Twitter account that was hacked by Islamist jihadist sympathizers yesterday, it just goes to show how much more work we need to do, both public and private sector, to strengthen our cybersecurity to make sure that the family bank accounts are safe, to make sure that our public infrastructure is safe,” Obama said earlier today when he met with congressional leaders.
Republican Senator John Thune of South Dakota, the chairman of the Senate Commerce Committee who will be critical to passing legislation, said he welcomed Obama “back to the discussion on cybersecurity.”
Thune said he hopes Obama’s “actions on this critical subject match his rhetoric about working with Congress.”
Privacy Protections
Obama’s proposed legislation seeks to narrow what kind of data companies can share with the government and how it can be used in order to address privacy concerns, an administration official told reporters today. The person spoke on condition of anonymity before the announcement.
Companies must take reasonable steps to remove personally identifying information and can only share technical indicators about hacking attacks, such as Internet Protocol addresses, routing data and time stamps, the official said.
In order to receive legal protections, the data must be shared with the Department of Homeland Security’s cyber center, the official said.
The administration wants to have information go directly to the DHS center rather than the National Security Agency. The move is intended to address privacy objections to the NSA obtaining unfettered data about activity on private networks in the U.S. Once the DHS gets the data, it can share it with other agencies, including the NSA, the official said.
The DHS may also pass the data to law enforcement agencies, the official said. Law enforcement could only use the data for certain purposes, such as investigating cybercrimes, threats to minors or crimes aimed at harming people.
Criminalizing Botnets
The White House is laying out several cybersecurity priorities this week ahead of Obama’s Jan. 20 State of the Union speech.
Obama today asked Congress to enable law enforcement to better investigate, disrupt and prosecute cybercrime. The proposal calls for criminalizing the sale of botnets and stolen U.S. financial data such as credit card and bank account numbers. It would also authorize courts to shutter botnets involved in distributed denial of service attacks and other criminal activities.
The president called for updating the Racketeer Influenced and Corrupt Organizations Act to apply to cybercrime, setting penalties in line with other crimes. Obama also suggested Congress modernize the Computer Fraud and Abuse Act so that it can be used to prosecute insiders who misuse their access to information.
The White House also plans to host a cybersecurity summit at Stanford University on Feb. 13.
Legal Protections
Yesterday, Obama renewed calls for Congress to pass stalled legislation that would require companies that have consumer data hacked to notify customers who are at risk. Companies would have 30 days from learning of a breach to tell customers, according to the White House.
“As far as strengthening cybersecurity, allowing companies to share information on cyber threats should be a no-brainer; the real issue is what else will garner bipartisan support, but the devil will be in the details,” Robert Cattanach, a Minneapolis-based partner at the law firm Dorsey & Whitney LLP, said in an emailed statement.
As Obama was speaking about the other elements of his cybersecurity plans yesterday, hackers took over the Twitter and YouTube accounts of the U.S. Central Command, which oversees American military operations in the Middle East and North Africa. The White House said it’s looking into who’s behind the attack while also downplaying its severity.
Privacy Safeguards
The House of Representatives passed a version of the information-sharing legislation in April 2013, however the Senate never took it up.
The White House had threatened to veto the House bill because it didn’t have enough safeguards to ensure the personal information of Americans isn’t inappropriately monitored.
Representative C.A. “Dutch” Ruppersberger, a Maryland Democrat who serves on the House intelligence committee, reintroduced the bill on Jan. 8 for the new Congress to consider.
Obama traveled to the DHS facility today while being at odds with Congress over funding for the department, which is also responsible for immigration enforcement.
Some Republicans are upset about Obama’s executive action on immigration last year to allow about 5 million more undocumented immigrants to stay in the U.S. Lawmakers reached a compromise late last year to allow the DHS to be funded temporarily.
White House Press Secretary Josh Earnest told reporters yesterday that the president would veto a DHS spending bill that restricts Obama’s immigration changes.
–With assistance from Mike Dorning in Washington.