The White House has unveiled a proposal aimed at strengthening cybersecurity within the US by encouraging sharing between sectors and installing new penalties after a series of high-profile attacks targeted government and private sector networks.
The initiative, announced by US President Barack Obama during a planned visit on Tuesday to the US Department of Homeland Security in Virginia, calls for new legislation to be adopted by Congress in order to enhance the sharing of electronic threat information between the private sector and the government, while also revamping the Computer Fraud and Abuse Act, or CFAA – the 1984 federal law that outlines when and what hacking charges can be brought against suspected cyber criminals.
Additionally, the White House again insisted on Tuesday that American businesses should be obliged under penalty of law of quickly notifying consumers in the event that their networks are compromised, echoing remarks the president made a day earlier when he proposed new data protection rules during an address at the main office of the Federal Trade Commission in which he advocated for securing the types of personal financial data often pilfered in hacks that have targeted major companies.
“This extraordinary interconnection” made possible by the internet “creates enormous opportunities,” Obama said Monday, “but also creates enormously vulnerabilities for us as a nation and for our economy and for individuals.”
Details on the latest proposal surfaced less than a month after the White House and FBI said they’ve attributed the major security breach suffered by the computers of Sony Pictures Entertainment last November to North Korea, and only a day after the US Central Command saw both its Twitter and YouTube accounts compromised by a group claiming to be supportive of Islamic State militants.
“With the Sony attacks that took place, with the Twitter account that was hacked by Islamist jihadist sympathizers yesterday, it just goes to show how much more work we need to do, both public and private sector, to strengthen our cybersecurity to make sure that families’ bank accounts are safe, to make sure that our public infrastructure is safe,” Obama told members of Congress during a meeting earlier on Tuesday, according to CNN.
He’s been doing everything he can within his executive authority to move the ball on this,” a senior administration official who spoke on the condition of anonymity told the Washington Post. “We’ve got to get something in place that allows both industry and government to work more closely together.”
In hopes of accomplishing as much, the newest proposal from the president includes provisions enabling private sector entities to better communicate attack details with the DHS National Cybersecurity and Communications Integration Center (NCCIC), ideally giving the government a heads up with regards to future breaches. The White House says the president also wants changes applied to the CFAA that would give the Justice Department added ability to prosecute suspected cybercriminals, specifically singling out individuals who sell botnets – compromised computer networks that can be remotely controlled and used to launch attacks – and persons who sell US financial information overseas, while at the same time updating the federal Racketeering Influenced and Corrupt Organizations Act, or RICO, in order to apply to cybercrimes.
The president’s proposal, the White House said, “modernizes the Computer Fraud and Abuse Act by ensuring that insignificant conduct does not fall within the scope of the statute, while making clear that it can be used to prosecute insiders who abuse their ability to access information to use it for their own purposes.”
“Today, at a time when public and private networks are facing an unprecedented threat from rogue hackers as well as organized crime and even state actors, the president is unveiling the next steps in his plan to defend the nation’s systems,” the White House said.