Although the legislation has languished on Capitol Hill for four years, the White House is seizing on recent high-profile hacking attacks against Sony Pictures Entertainment, JPMorgan Chase & Co. and other companies to build momentum for a final agreement.
“In this interconnected, digital world, there are going to be opportunities for hackers to engage in cyberassaults both in the private sector and the public sector,” Obama said today in a White House statement. “Some of them are going to be state actors; some of them are going to be non-state actors. All of them are going to be sophisticated and many of them can do some damage.”
Obama called on Congress to pass legislation that allows for companies to share threat information with the government and other businesses yet make sure companies wouldn’t run afoul of antitrust laws. The president is expected to speak about the measures later today at the Homeland Security Department’s National Cybersecurity and Communications Integration Center in the Washington suburbs.
Republican Senator John Thune of South Dakota, the chairman of the Senate Commerce Committee who will be critical to passing legislation, said he welcomed Obama “back to the discussion on cybersecurity.”
Thune said he hopes Obama’s “actions on this critical subject match his rhetoric about working with Congress.”
Obama today also asked Congress enable law enforcement to better investigate, disrupt and prosecute cybercrime. The proposal calls for criminalizing the sale of botnets and stolen U.S. financial data such as credit card and bank account numbers. It would also authorize courts to shutter botnets involved in distributed denial of service attacks and other criminal activities.
The president called for updating the Racketeering Influenced and Corrupt Organizations Act (RICO) to apply to cybercrime, setting penalties in line with other crimes. Obama also suggested Congress modernize the Computer Fraud and Abuse Act so that it can be used to prosecute insiders who misuse their access to information for their own purposes.
The White House also announced it will host a Summit on Cybersecurity and Consumer Protection at Stanford University on Feb. 13 to help foster public-private information sharing and other efforts to protect American consumers and companies from online threats. Leaders from business, government, law enforcement, consumer advocates and students will be invited, according to the White House release.
The White House is laying out several cybersecurity priorities this week ahead of Obama’s Jan. 20 State of the Union speech to Congress. He will make cybersecurity one of the centerpieces of his address, in which he’ll lay out his legislative priorities for the two remaining years in his presidency.
Yesterday, Obama renewed calls for Congress to pass stalled legislation that would require companies that have consumer data hacked to notify customers who are at risk. Companies would have 30 days from learning of a breach to tell customers, according to the White House.
Obama will travel to the DHS facility today while being at odds with Congress over funding for the department, which is responsible for immigration enforcement.
Although there is broad agreement that companies should be given legal protections for sharing hacker threat data, Congress has failed to come to agreement on a bill during the last four years.
“As far as strengthening cybersecurity, allowing companies to share information on cyber threats should be a no-brainer; the real issue is what else will garner bipartisan support, but the devil will be in the details,” Robert Cattanach, a Minneapolis-based partner at the law firm Dorsey & Whitney LLP, said in an e-mailed statement.
Yesterday, as Obama was speaking about the other elements of his cybersecurity plans, hackers took over the Twitter and YouTube accounts of the U.S. Central Command. The White House said it’s looking into who’s behind the attack while also downplaying its severity.
The House passed a version of the information-sharing legislation in April 2013, however the Senate never took it up.
The White House had threatened to veto the House bill because it didn’t have enough safeguards to ensure the personal information of Americans isn’t inappropriately monitored.
Representative C.A. ’’Dutch’’ Ruppersberger, who serves on the House intelligence committee, reintroduced the bill on Jan. 8 for the new Congress to consider.
“Most recently, Sony was hit by a severe cyber-attack by North Korea –- the first destructive attack we’ve seen yet – and it cost the company millions of dollars,” Ruppersberger said in a statement. “We must stop dealing with cyber-attacks after the fact.”
Some Republicans are upset about Obama’s executive action on immigration last year to allow about 5 million more undocumented immigrants to stay in the U.S. Lawmakers reached a compromise late last year to allow the Homeland Security Department to be funded temporarily.
White House Press Secretary Josh Earnest told reporters yesterday that Obama would veto a Homeland Security spending bill that restricts Obama’s immigration changes.
“There is never a good time for Republicans to do something like this, but right now seems like a particularly bad time,” Earnest said.