President Obama is banking that a spate of high-profile hacks at major American companies will help his new cybersecurity standards succeed where others failed.
The president called Monday for separate bills that would require companies to notify customers within 30 days if their personal information had been compromised and prohibit the selling of student data to third parties for non-education purposes.
But for Obama to leverage the panic over data breaches at Sony Pictures Entertainment, Target and Home Depot, he’ll have to navigate between governmental and business bureaucracies and find a solution amenable to both sides.
As the president laid out his recommendations, the extent of the cyber problem was made even clearer, when hackers tied to the Islamic State of Iraq and Syria took over the U.S. Central Command Twitter feed.
The broader challenge for the White House now is determining how to address concerns among private companies about the extent of information they would have to turn over to the federal government in warding off cyber attacks. And government agencies already under fire for cyber snooping would also have to consent to sharing a greater level of data with private businesses, a development that makes some in the intelligence community uneasy.
“The problem is we’ve been unable to have a meeting of minds with what the final solution looks like,” said Tom Boyd, a partner at DLA Piper and former assistant attorney general under Ronald Reagan. “One of the problems people have is that sharing information with the government imposes liability. And nobody wants to be targeted in a way that puts their brand in the public arena like Sony or Target.”
This is not Obama’s first attempt to find a better blueprint on cybersecurity. The president has seen even modest cyber protections die on Capitol Hill, and his White House has hardly pressured lawmakers to resurrect those efforts.
Republicans are welcoming the latest outreach from the White House but call it long overdue.
“This level of personal engagement on legislation by the president certainly would have helped advance the bipartisan cybersecurity information sharing bill authored [last year],” Sen. John Thune R-S.D., chairman of the Senate Commerce, Science, and Transportation Committee, said. “After approval of the bill at the committee level, Senate Democratic leadership refused to give it a vote on the Senate floor.”
Obama and the top Republican and Democratic leaders in the House and Senate will discuss cybersecurity issues, among other pressing matters, at a rare White House meeting Tuesday between the various camps.
Obama certainly has a new incentive to address cybersecurity, given the extent to which the Sony hack exposed U.S. shortcomings in fending off attacks, even from nations lacking sophisticated military operations.
“Hopefully that got the attention of people on Capitol Hill," White House press secretary Josh Earnest said of the Sony hack Monday, calling for lawmakers to "fulfill their responsibilities to actually make progress on this issue."
At the center of the debate is how to proceed on elements of the Cyber Intelligence Sharing and Protection Act, a long-stalled bill on Capitol Hill that would offer liability protections to companies in exchange for the sharing of cybersecurity information.
“The hard question is what to do about how private companies collect, use and secure data about consumers — questions Congress has struggled with since the [Federal Trade Commission] asked for new legislation in 2000,” said Berin Szoka, president of the think tank TechFreedom.
“We need a regulatory framework that doesn’t hamstring American companies the way EU privacy regulation crippled Europe’s anemic tech sector, while also addressing real consumer protection problems,” he added.
The White House is still hashing out details about how to modify the legislation, as it previously balked over the bill’s privacy language.
For his part, Obama insists he can find a resolution that satisfies big business, the intelligence community and civil liberties groups.
“Business leaders want their privacy and their children’s privacy protected, just like everybody else does,” he said Monday in a speech at the Federal Trade Commission. “Consumer and privacy advocates also want to make sure that America keeps leading the world in technology and innovation and apps. So there are some basic, common-sense, pragmatic steps that we ought to all be able to support."